U.S. patent application number 13/996458 was filed with the patent office on 2013-12-19 for management of communication pipes in a telecommunication device coupled to an nfc circuit.
This patent application is currently assigned to Proton World International N.V.. The applicant listed for this patent is Alexandre Charles, Thierry Huque, Olivier Van Nieuwenhuyze. Invention is credited to Alexandre Charles, Thierry Huque, Olivier Van Nieuwenhuyze.
Application Number | 20130337770 13/996458 |
Document ID | / |
Family ID | 43877173 |
Filed Date | 2013-12-19 |
United States Patent
Application |
20130337770 |
Kind Code |
A1 |
Huque; Thierry ; et
al. |
December 19, 2013 |
MANAGEMENT OF COMMUNICATION PIPES IN A TELECOMMUNICATION DEVICE
COUPLED TO AN NFC CIRCUIT
Abstract
A method for detecting an attempt of diversion of a
communication pipe between a port of a security module and a port
of a near-field communication router present in a telecommunication
device, wherein the router filters the messages addressed to said
security module.
Inventors: |
Huque; Thierry; (Ramillies,
BE) ; Van Nieuwenhuyze; Olivier; (Wezembeek-Oppem,
BE) ; Charles; Alexandre; (Auriol, FR) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Huque; Thierry
Van Nieuwenhuyze; Olivier
Charles; Alexandre |
Ramillies
Wezembeek-Oppem
Auriol |
|
BE
BE
FR |
|
|
Assignee: |
Proton World International
N.V.
Zaventem
BE
STMicroelectronics (Roesset) SAS
Rousset
FR
|
Family ID: |
43877173 |
Appl. No.: |
13/996458 |
Filed: |
December 16, 2011 |
PCT Filed: |
December 16, 2011 |
PCT NO: |
PCT/FR11/53023 |
371 Date: |
August 29, 2013 |
Current U.S.
Class: |
455/410 |
Current CPC
Class: |
H04L 63/107 20130101;
H04W 12/06 20130101; H04L 63/0492 20130101; H04L 63/083 20130101;
H04L 63/1466 20130101; H04W 12/1204 20190101; H04W 4/80 20180201;
H04W 12/08 20130101; H04L 63/0245 20130101 |
Class at
Publication: |
455/410 |
International
Class: |
H04W 12/12 20060101
H04W012/12 |
Foreign Application Data
Date |
Code |
Application Number |
Dec 20, 2010 |
FR |
1060819 |
Claims
1. A method for detecting an attempt of diversion of a
communication pipe between a port of a security module and a port
of a near-field communication router present in a telecommunication
device, wherein the router filters the messages addressed to said
security module.
2. The method of claim 1, wherein the message comprises at least
one channel identifier and one instruction code, the router
comparing the instruction code with authorized codes that it
contains.
3. The method of claim 2, wherein the router compares the format of
the data of the message with authorized formats that it
contains.
4. The method of any of claim 1, wherein the router comprises a
table containing, for each type of control signal that may be
received, an authorization or denial code.
5. A method of secure transmission of data in a telecommunication
device, implementing the method of any of claims 1 to 4 claim
1.
6. A near-field communication router (18), comprising means capable
of implementing the method of any of claims 1 to 5 claim 1.
7. A telecommunication device equipped with the near-field
communication router of claim 6.
Description
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] This application is a U.S. National Stage patent application
based on International patent application number PCT/FR2011/053023,
filed Dec. 16, 2011, which claims the priority benefit of French
patent application number 10/60819, filed Dec. 20, 2010, which
applications are hereby incorporated by reference to the maximum
extent allowable by law.
BACKGROUND
[0002] 1. Technical Field
[0003] The present disclosure generally relates to transactions
performed by means of mobile telecommunication devices of cell
phone type. The present disclosure more specifically applies to
such devices, further equipped with a near field communication
circuit (NFC).
[0004] 2. Discussion of the Related Art
[0005] Cell phones are more and more often equipped with a
near-field communication interface which enables them to combine
electromagnetic transponder functions with mobile telephony
functions. In particular, this adds functions of emulation of an
electromagnetic transponder, of contactless or contactless card
reader type to the mobile telecommunication device, for example a
personal digital assistant, a cell phone, a smartphone, etc. This
considerably enhances the features of the mobile device, which can
then be used, for example, as an electronic purse, as an access or
transport ticket validation device, etc.
[0006] To emulate the operation of a contactless chip card, the
mobile telecommunication device is equipped with a contactless
front-end integrated circuit (CLF), also called NFC router. This
router is equipped with a radio frequency (RF) transceiver front
head associated with a low-range antenna to communicate like an
electromagnetic transponder. The router uses the capacities of the
processor(s) of the mobile device for data processing and storage
operations. For access control, electronic purse, payment, and
other applications, a secure element enabling to authenticate the
user is used. This secure element is either integrated to the
mobile telecommunication device (dedicated integrated circuit,
circuit welded to the printed circuit board) or contained in a
microcircuit supported by a subscriber identification module (SIM),
or any other removable card, for example, in the standard format of
a memory card.
[0007] An NFC router may also be present in a mobile device of USB
key type, in a bank teller terminal, in an adhesive device
(sticker), etc.
[0008] An emulation of a contactless card in a mobile
telecommunication device is capable of generating weak points in
terms of transaction security.
[0009] It would be desirable to be able to detect such weak
points.
[0010] It would further be desirable to avoid such weak points to
secure transactions.
SUMMARY
[0011] Embodiments overcome all or part of the disadvantages of
mobile telecommunication devices associated with a near-field
transmission module.
[0012] Another embodiment improves the security against a hacking
attempt on a security module of subscriber identification module
type, contained in a telecommunication device associated with a
near-field transmission module.
[0013] Another embodiment provides a method for detecting an
attempt at diversion of a communication pipe between a port of a
security module and a port of a near-field communication router
present in a telecommunication device, wherein the router filters
the messages addressed to said security module.
[0014] According to an embodiment, the message comprises at least
one pipe identifier and one instruction code, the router comparing
the instruction code with authorized codes that it contains.
[0015] According to an embodiment, the router compares the format
of the data of the message with authorized formats that it
contains.
[0016] According to an embodiment, the router comprises a table
containing, for each type of control signal that may be received,
an authorization or denial code.
[0017] An embodiment also provides a method of secure data
transmission in a telecommunication device.
[0018] An embodiment also provides a near-field communication
router.
[0019] An embodiment also provides a telecommunication device
equipped with a near-field communication router.
BRIEF DESCRIPTION OF THE DRAWINGS
[0020] The foregoing and other objects, features, and advantages of
the present disclosure will be discussed in detail in the following
non-limiting description of specific embodiments in connection with
the accompanying drawings.
[0021] FIG. 1 schematically shows a mobile telecommunication device
of the type to which the present disclosure applies as an
example;
[0022] FIG. 2 is a diagram illustrating a function of a near-field
transmission module of the device of FIG. 1;
[0023] FIG. 3 very schematically illustrates an attack capable of
exploiting a weakness of the telecommunication device of FIG.
1;
[0024] FIG. 4 illustrates an embodiment of a preparatory phase of
such an attack;
[0025] FIG. 5 illustrates an embodiment of a method of protection
against such an attack; and
[0026] FIGS. 6A and 6B very schematically illustrate an embodiment
of a method of protection against the attack illustrated in FIG.
3.
DETAILED DESCRIPTION
[0027] The same elements have been designated with the same
reference numerals in the different drawings. For clarity, only
those elements and steps which are useful to the understanding of
the present disclosure have been shown and will be described. In
particular, the coding and communication protocols, be it for
near-field transmissions or for telecommunications in GSM mode,
have not been detailed, embodiments being compatible with usual
protocols. Further, the circuits forming the mobile communication
device have not been detailed either, the embodiments being here
again compatible with usual programmable devices.
[0028] FIG. 1 very schematically shows a mobile telecommunication
device (for example, a cell phone) of the type to which the
embodiments apply as an example. The different elements of
interface with the user (keyboard, display, speaker, etc.) have not
been shown, since these elements are not modified by the
implementation of the embodiments which will be described.
[0029] Device 1 comprises a central processing unit 12 (CPU/TH)
formed of at least one microcontroller forming the device core.
This microcontroller is referred to as a terminal host. For the
telecommunication operation over a network (GSM, 3G, UMTS, etc.),
the microcontroller uses identification and authentication data
provided by a subscriber identification module 14 (SIM) which forms
a security module of the device. Microcontroller 12 is capable of
using one or several internal memories, not shown, of the
telephone. Telephone 1 may also comprise a memory card reader 16 or
other buses of communication with the outside to load data and/or
applications into the telephone.
[0030] Mobile devices to which the described embodiments apply
combine the telecommunication function with that of a near-field
contactless transmission system (NFC). To achieve this, device 1
comprises a circuit 18 (CLF--ContactLess Front-End) forming a
near-field communication module like an electromagnetic
transponder. Module 18, also called NFC router, is associated with
an antenna 182 distinct from an antenna 20 intended for the mobile
telephony network. Circuit 18 may be associated with a security
module (SSE) 24 distinct from SIM card 14 and directly present on
the printed circuit board of the telephone, or supported by a
removable microcircuit card (for example, in the format of a memory
card). A security module is an electronic circuit for securely
executing applications and guaranteeing the security
(secret/integrity) of data manipulated by such applications.
[0031] The different elements of device 1 communicate according to
various protocols. For example, circuits 12 and 18 communicate over
a link 1218 of I2C or SPI type, SIM card 14 communicates with
microcontroller 12 over a link 1214 according to ISO standard
7816-3, and security module 24 communicates with router 18
according to this standard over a link 2418. Router 18 communicates
with the SIM card, for example, over a single-wire bus 1418
(SWP--Single Wire Protocol). Other versions of protocols and links
are of course possible.
[0032] The embodiments will be described in relation with a GSM
telephone. The embodiments, however, more generally applies to any
telecommunication device adapted to a mobile network (for example,
Wifi, Bluetooth, WiMax, etc.) and associated with a contactless
transmission module (NFC router), for example, a USB key, a bank
terminal, a power consumption meter, or other), an access or
transport ticket validation terminal, etc.
[0033] Similarly, the near-field communication module will be
referred to as a router since it generally integrates all the
functions useful for the emulation of a contactless card within a
same circuit, the described embodiments however applying to any
NFC-type module.
[0034] Router 18 comprises physical terminals of connection to
links 1218, 1418, and 2418 and manages logic gates for assigning
these terminals to the different functions associated with
near-field communications. Router 18 thus comprises a processor and
volatile and non-volatile memories for storing, among others, a
routing table for the different logic gates. Some gates are
reserved for router administration functions while others can be
freely assigned by the router.
[0035] In operation, router 18 makes available and manages
different pipes of communication with the other circuits 12, 14,
24, etc. of the mobile device to provide these circuits access to
the near-field communication functions, that is, to gates connected
to radio frequency transmission circuits, called RF gates.
[0036] FIG. 2 very schematically illustrates, in the form of
blocks, the routing function of router 18. For simplification, FIG.
2 is a structural representation while, in practice, the assignment
of the different gates to the different circuits of the mobile
device is a software operation performed by the routing table.
[0037] Each of the router terminals (TERMINALS) is assigned one or
several gates (GATES). In the example of FIG. 2, it is assumed that
physical links 1418 and 1218 of SIM card 14 and of microcontroller
12 are connected to terminals of router 18 and that gates are
assigned to these circuits. Several gates may be assigned to a same
circuit (which is symbolized in FIG. 2 by the connection of a same
terminal to several gates). The routing table (ROUTING TABLE) of
router 18 assigns some gates to internal functions (for example,
configuration and administration functions), but also creates pipes
(PIPE) between some gates assigned to the SIM card or to the RF
microcontroller, and gates (RFGATES) comprised in module 18. This
corresponds to the creation of pipes (PIPE) between the circuits
external to router 18 and its RF transmission circuits for the
implementation of the different applications requiring a near-field
communication. For example, in bank, transport, electronic purse,
access, and other applications which require a secure
identification or authentication of the user, one or several pipes
are created between the router and the SIM card to use the secure
user identification data and validate the transaction.
[0038] The integration of NFC routers in mobile telecommunication
devices and the sharing of the same security module (SIM card)
generate weak points in terms of security.
[0039] Authentication tools may be provided to make sure that the
links between the router and the different external circuits are
not pirated. However, this appears to be insufficient in view of a
weak point that the present inventors have identified and which
will be described hereafter.
[0040] Router or NFC module 18 generally is a single integrated
circuit and its external accesses are rather well protected against
possible hacking attempts.
[0041] Up to now, the main concern has been to guarantee that a
near-field transaction emulated by the mobile device would not
enable a pirate device intercepting the near-field communication to
exploit data provided by the security module.
[0042] However, there remains a risk, since router 18 also manages
a pipe (ATPIPE symbolized in dotted lines in FIG. 2) of
communication between SIM card 14 or any other security module and
microcontroller 12 of the mobile telecommunication device. This
pipe is normally used so that SIM card 14 informs microcontroller
12 that a message reaches it over the NFC link. It is however also
possible to divert this use to make security module 14 believe that
it communicates with the router for a near-field transaction and
thus over a pipe with the RF gates of the telephone, while it is
actually communicating with microcontroller 12.
[0043] FIG. 3 very schematically illustrates in the form of blocks
the possible exploitation of a pipe ATPIPE between a SIM card 14
and a microcontroller 12 of a cell phone 1.
[0044] It is assumed that, in a preparatory phase of the attack,
GSM phone 1 has been hacked and a pipe ATPIPE has been diverted via
router 18 between its SIM card 14 and its microcontroller 12. The
routing table of router 18 thus contains the data of the "diverted"
pipe. It is also assumed that a pirate application (PA) has been
stored in a memory 13 (MEM) of phone 1 and that this application
may provide instructions to microcontroller 12. Several embodiments
of the preparatory phase will be discussed subsequently. The user
of device 1, once it has been hacked by the loading of application
PA and by the creation of pipe ATPIPE, is not capable, as will be
seen hereafter, to notice a malfunction. He uses his telephone
normally.
[0045] One of the functions of application PA is to automatically
trigger a response of phone 1 after a request originating from the
telecommunication network and transmitted by another mobile device
3 owned by the attacker. The pirate device for example is another
GSM phone 3 which uses its own subscriber identification module to
communicate over the GSM network (symbolized by a relay antenna 5).
It may also be a microcomputer associated with a GSM module.
[0046] In the example of FIG. 3, device 3 is also equipped with a
contactless router, for example, to initiate near field
transactions with a terminal 7 (for example, an NFC terminal or any
other contactless communication terminal). For example, device 3 is
used to make a purchase with a payment to be validated by its NFC
router.
[0047] Normally, for such a payment, the router of telephone 3
manages a communication pipe with the subscriber identification
module (or another dedicated security module) of this telephone to
authenticate the user and validate the payment.
[0048] In the mechanism of FIG. 3, at the payment validation,
telephone 3 uses the GSM network to ask telephone 1 to validate the
payment by means of its subscriber identification module. For
example, device 3 sends an SMS over network 5 which, when received
by telephone 1, is processed by the pirate application. Said
application simulates requests from the RF gates and transmits them
over pipe ATPIPE, so that identification module 14 responds and
validates the transaction. This validation is diverted by
microcontroller 12 and is sent back to device 3 which, in turn,
transmits it to its NFC router to validate the payment for terminal
7. As a result, the payment is debited to the subscriber of
telephone 1 and not to the attacker owning device 3. Most often, a
contactless application requires no interaction with the terminal
(7, FIG. 3) except for a presentation of a contactless device. In
particular, no PIN keying is required for a near-field
communication to avoid lengthening the transactions, so that device
3 may easily hack distant device 1.
[0049] The countermeasures providing encryptions and/or signatures
between terminal 7 requesting the authentication and the security
module are ineffective to counter this attack. Indeed, the data
between terminal 7 and module 14 need no decoding. A communication
pipe has actually been established between module 14 of telephone 1
and terminal 7 via telecommunication network 5, so that module 14
behaves as if it was in near field transaction with terminal 7.
[0050] The same type of piracy may occur for passage authentication
or validation applications, of secure access type.
[0051] Further, this attack may also be successful even without for
pirate device 3 to use its own NFC router, for example, if it uses
a contactless communication mode, provided for the requested
authentication to originate from a security module and to respect
the formats and protocols used by the NFC protocol. Further, such
an attack may be used to divert any data from device 1 in favor of
a pirate system (for example, data duplicating the content of the
magnetic track of a card in a bank payment application).
[0052] Further, the attack may involve the SIM card of cell phone 1
or of any other security module (for example, module 24), provided
for a pipe to be managed by router 18 between this module and a
circuit (generally, microcontroller 12) capable of managing
communications over network 5.
[0053] This attack on near-field transactions, exploiting the
telecommunication network, is due to the presence of a
communication pipe, via the NFC router, between a security module
and a microcontroller connected to this router.
[0054] Implementing the attack requires a preparatory phase in
which an intervention of the telephone 1 which is desired to be
pirated is necessary. This preparation requires an intervention
depending on the security level provided by the SIM card to the
management of the NFC communication pipes.
[0055] In a simplified embodiment, the microcontroller is allowed
to create a pipe on any free gate. In this case, a pirate
application loaded into the microcontroller is capable of creating
a pipe through the NFC router to the SIM card. If, afterwards, the
SIM card performs no other checking than to acknowledge that the
format of the requests corresponds to the format of a radio
frequency frame originating from an NFC circuit, the pirate
application may attack the SIM card.
[0056] According to another embodiment, security module 14 is more
advanced and checks the association between the numbers of the
pipes or of its own gates and the RF gates.
[0057] In a first case, it is considered that SIM card 14 does not
take into account the circuit with which the gate is created (and
thus, the fact that it may be a gate intended for the
microcontroller). This embodiment exploits the fact that the
assignment of the pipe numbers (identifiers) is often sequential.
It is first started by asking the microcontroller to suppress a
pipe between the SIM card and the RF gates. Then, a pipe having the
same identifier is created between the microcontroller and the SIM
card.
[0058] FIG. 4 illustrates another embodiment of a preparatory phase
of the attack aiming at diverting a pipe between router 18 (CLF)
and the SIM card (SIM1) of a user. This embodiment is more
specifically intended for systems in which the SIM card makes sure,
before transmitting data to the CLF router, that it has effectively
controlled the creating of the communication pipe therewith.
[0059] The fact that, prior to the initialization of device 1, the
SIM card checks whether it has already been in the presence of
router 18 is exploited herein. If it has not, it reconfigures the
pipes between its gates and the NFC router. In a normal operation,
at the first connection of card SIM1 in telephone 1, the card
causes the creating, at the level of the so-called transport layer,
of at least one communication pipe, identified as SYNCID1, with the
CLF router. For this purpose, card SIM1 sends to the CLF router
both synchronization data SYNCID 1 and a number (typically, a
random number RD1). Number RD1 is stored in the CLF router and is
used by card 14 to check that it has already caused the creation of
pipe with this router. On each initialization, the card verifies
the existence of number RD1 in the router. To achieve this, the
card requests from the router to create a pipe between one of its
gates, identified as GATEID, and one of the RF gates, identified as
RFGATEID. The router then creates a pipe and assigns it an
identifier PIPEID and, at the same time, stores said identifier in
the routing table and communicates it to card SIM1. Each time data
are requested by the router, card SIM1 verifies that identifier
PIPEID of the pipe is correct.
[0060] To implement the attack, the hacker should have cell phone 1
and card SIM 1 in his possession for a period of time. This is
relatively easy, for example, by asking the owner of the cell phone
to lend it to supposedly make a call, or by fraudulently using a
phone during a maintenance operation, for example, in a mobile
telephony shop.
[0061] With card SIM1 and the telephone provided with router 1, the
pirate starts by introducing card SIM1 into a pirate device (PIRATE
READER), for example, another cell phone having a microcontroller
capable of executing a piracy program complying with the described
functions, or a computer provided with a card reader and simulating
a router. Since card SIM1 has never met the NFC router of the
pirate device or emulated by said device, it generates a new
synchronization identifier SYNCID2. It sends back gate identifiers
RFGATEID and GATEID to create the corresponding pipes. The pirate
router then assigns, to at least one pair of gates, a pipe FPIPEID
which corresponds to a gateway between the router and an external
gate of the microcontroller instead of associating gate GATEID to
an RF gate. Identifier FPIPEID and identifiers SYNCID2 and RD2 are
then loaded into a falsified card SIM2. Card SIM2 then contains a
routing table associating gates RFGATEID and GATEID with pipe
FPIPEID.
[0062] Then, card SIM2 is introduced into telephone 1. Identifiers
SYNCID2 and RD2 are then transferred to CLF router 18 to create
pipe FPIPEID between gates designated as GATEID and RFGATEID. This
amounts to modifying the routing table of the router so that when
the pipe between gates GATEID and RFGATEID is called, the assigned
pipe is pipe FPIPEID instead of PIPEID.
[0063] The assignment of pipe FPIPEID may take various forms
according to the way in which the pipes are assigned to the gates
in the router. For example, a phase of observation of the gate
assignment is gone through by placing card SIM2 in the router to
observe the pipe assignment method, before introducing card SIM2
into the pirate reader.
[0064] The "real" card SIM1 is then placed back into telephone 1.
Since the CLF router knows identifiers RD2 and SYNCID2, the card
considers that it "knows" the router and does not recreate pipes
therewith. When card SIM1 requests a communication towards gate
RFGATEID, the router uses the assigned pipe FPIPEID.
[0065] The GSM terminal has effectively been hacked, that is, a
pipe FPIPE (or ATPIPE, FIG. 2) has been created between a gate
GATEID of the SIM card and a gate of microcontroller 12, while card
SIM1 believes that this pipe connects its gate GATEID to gate
RFGATEID. This pipe can then be diverted for a distant access over
the GSM network from another terminal (FIG. 3). The downloading of
pirate application PA can be performed either subsequently or at
the same time as the pirate pipe generation.
[0066] There are various possibilities, depending on device 1. For
example, the routing table may be read from. If this is not
possible, it is possible, when card SIM1 is in the pirate reader,
to emulate an operation of the CLF circuit, in order to obtain the
full configuration stored in this card. A pirate card SIM2 or a
card emulator may also be used to extract the data from the routing
table in valid phone 1.
[0067] It can thus be seen that it is possible to parameterize the
diverting of a communication pipe between a security module and an
NFC router to establish a pipe between this module and the
telephone microcontroller, external to the NFC router.
[0068] So that the user of telephone 1 does not notice the piracy,
even when he uses his contactless mode, the pirate application must
comprise the function of redirecting pipe FPIPE towards the RF
circuits of the router when a data request towards the SIM is
transmitted by router 18.
[0069] FIG. 5 partially shows in the form of blocks an embodiment
of a mobile telecommunication device according to an
embodiment.
[0070] As in FIG. 1, it features a central processing unit 12
(TH--Terminal Host) capable of communicating with a contactless
router 18 (CLF), itself capable of exchanges with a security module
14 (for example, a SIM card). Usually, router 18 comprises a
routing table (not shown) putting a pipe identifier PIPEID in
correspondence with two gate identifiers GATEID between which the
pipe is created.
[0071] According to the embodiment of FIG. 1, the router further
comprises an interception module 20 comprising a filtering table
containing, for each pipe (PIPE), between the router and the SIM
card, parameters enabling the router to determine whether a message
or an instruction addressed to the SIM card is to be authorized or
not (Y/N). Thus, the router is modified to intercept all requests
of pipe creation with secure module 14. The table preferably also
contains data relative to the events authorized on the pipe, which
enables to refine the selection of the permitted functions.
[0072] More generally, a filtering table is provided for each
security module connected to the router, for example, the
microcontroller, another security element, etc.
[0073] Usually, an instruction INST transiting through router CLF
comprises the pipe over which the message is to be transmitted the
type of message, an actual instruction code and, possibly, data.
This message is intercepted by the filter comprised within the CLF
router before allowing its transmission to the SIM card.
[0074] According to an embodiment, all messages going from the
microcontroller to the SIM card (or any other security module) are
blocked by the router based on a specific instruction code (for
example, the code known as HTP) or on the combination of the table
and of the parameter format of this instruction. Messages are thus
limited to those between the actual telephone central processing
unit and the SIM card, which respect the expected instruction
format. Now, to implement the above-described attack, messages
meaning nothing for the application have to be sent. Such messages
are thus blocked and do not reach the SIM card.
[0075] FIGS. 6A and 6B illustrate the operation of the system of
FIG. 5, respectively for an authorized control signal (Y) and for a
non-authorized control signal (N).
[0076] In the example of FIG. 6A, a message or control signal
CMD(Y) is sent by the telephone (HS), more specifically by the
telephone microcontroller, to the CLF router. It is assumed that
this control signal has a format and/or parameters authorized by
the filtering table of the router. The router, after having checked
(CHECK) in its tables, authorizes the transmission of this control
signal to the SIM card. Once the SIM card has received it on its
pipe created through the NFC router, it responds (RES) to the
microcontroller through the router.
[0077] In the example of FIG. 6B, the control signal is assumed to
correspond to an unauthorized control signal. The microcontroller
of the telephone thus sends this control signal to the SIM card via
the CLF router. Said router, by performing the checking steps
(CHECK) intercepts this control signal and stops it (STOP). It may
here be an attack such as previously described in relation with
FIGS. 3 and 4.
[0078] The implementation of the described embodiments requires a
modification of the internal operation of the CLF router to provide
a specific filtering table therein. This implementation is within
the abilities of those skilled in the art based on the functional
indications given hereabove and by using tools which are usual per
se.
[0079] Various embodiments have been described. Various alterations
and modifications will occur to those skilled in the art. In
particular, the embodiments have been described in relation with an
example of a security module formed of a SIM card. They however
more generally apply to any security module capable of
communicating with the NFC router.
[0080] Such alterations, modifications, and improvements are
intended to be within the spirit and scope of the invention.
Accordingly, the foregoing description is by way of example only
and is not intended as limiting. The invention is limited only as
defined in the following claims and the equivalents thereto.
* * * * *