NFC ecosystem stakeholders can now test their NFC cardlets securely online, saving them time and money
FIME today launches TrustApp, a secure online testing portal for near field communication (NFC) applications embedded in secure elements. Mobile network operators (MNO) and NFC service providers can now validate the security of their sensitive and basic NFC applications, quicker and more cost effectively.
“As TrustApp is online, it allows stakeholders to perform on-demand pre-certification security testing throughout the development process, 24/7 and wherever they are,” comments Christian Damour, Head of Product and Services Marketing, Security, at FIME. “Applications can then be submitted to a test laboratory for final validation with confidence that they will pass the official testing process. This process helps our customers save time and money while avoiding the frustration that can arise if an issue is identified at this final approval stage.”
The primary function of the portal is CAP File analysis. Due to the sensitivity of testing the CAP File – an NFC application’s bytecode which contains intellectual property – the file is automatically encrypted on the client’s machine before it is uploaded to the testing platform and stored on a secure server. Testing this file confirms that the NFC application conforms to the relevant industry security standards. The portal also gives users immediate and convenient access to fully automated end-to-end application testing and report generation, as well as report download.
“This service helps NFC service providers to ensure their NFC applications are compliant, at their convenience,” adds Christian. “Both sensitive and basic applications need to be tested to complete the NFC security chain as even the simplest of NFC applications could compromise a user’s device if it does not meet the required standards. The ability to access a secure online portal to perform pre-certification testing makes the whole process quicker and more convenient, while reducing overall costs and maintaining the security of customers’ data.”
FIME has developed this service in collaboration with the Celtique team at Inria, a research team dedicated to improving the security and reliability of smart card and secure device software. It includes analysis for alignment with key security rules from a number of international industry authorities and platform manufacturers. Additional bespoke security rules can also be developed and added to the tool.
Once the basic or sensitive application has been verified by the online portal, the final stage is local laboratory validation by FIME’s experts. Applications are subjected to additional CAP File analysis, source code review and testing for compliance to the key security rules. Sensitive applications are also security tested against relevant industry application requirements.