Question

I am developing an NFC application. My application will process secret information and I want to store that data on the SIM card. Is it possible, and if it is possible, how can I do this? My phone's Android version is Android 2.3.5.


Solution

tl;dr - it is not currently possible without enormous effort.

You want to use the SIM card as the Secure Element in Card Emulation mode - this is the approach favoured by the GSM Association. To access the Secure Element (on SIM or Integrated Chip), you need to use a Trusted Service Manager (TSM). In your case, the TSM would send data to your SIM card using binary SMS messages. The problem is that it is very early days for NFC on mobile phones. Tag reading/writing is simple enough but accessing the Secure Element is not. There are very limited trials of NFC SmartPhones using SIM as secure element for Card Emulation, and the trials are all currently limited to a specific Mobile Network Operator (MNO) in specific countries.

If you do want to do this, you need to read the specifications, write a TSM and then get the necessary contracts with the MNOs to be allowed to use their SIMs.

Good luck!

OTHER TIPS

Like Kevin says, it's not possible without a lot of effort.

One way to do it could be to use a TSM. But it's inefficient for what you are trying to achieve and it requires you to be "online". You send some information to the TSM server and then it sends some data to your SIM card.

== Phone == |                    | == TSM ==
Application | ---- Network ----> | Server
SIM card    | <----------------- |

And a TSM is not enough. You will also need the SIM card credentials. Without those credentials, you won't be able to update the SIM card data from the TSM. Those credentials are controlled by your mobile operator. Finally, a TSM is not mandatory at all.

With the above schema, we see a more obvious way to do it, by establishing a link: Application --> SIM card. This time it works even if you have no network. But Android is designed in such a way that there is no direct contact between applications and the SIM card. There are some solutions; if you are interested, it's well explained in that article.

Here are some requirements:

  • You may need to patch the RIL layer
  • You need to patch the source code of Android
  • You need to have the credentials of your SIM card (UICC) (You can buy a developer SIM card, but it won't be able to connect to the network because it doesn't contain your operator credentials)
  • You need to know how to develop software for SIM cards (usually Java Card)
  • ...

The easiest way to store secret data, in a secure way, without too many headaches, will be to use a special SD card as a secure element. No need to patch anything, no need to have root access, no need to have SIM card credentials. You may still have to develop your own SD card "software" to host your data there.

Security is about threat level compared to protection level. It's likely that a Secure Element is a bit too much work to secure your data. Depending on what data you try to secure, you may use built-in Android mechanisms that will be secure enough.

I have a similar requirement. My approach is not to use the GSM operator's SIM. But I am working on finding a way to make the GSM operator use my SIM. Then I will have my own access mechanisms to store my secure items in the card.

Yasin Yilmaz

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow