The SIMalliance has announced the availability of its Open Mobile API. The organisation says that the API, which allows application providers to access the Secure Element within a mobile device, is designed to combat a “growing number of malicious attacks on smartphone applications and operating systems”.
The API provides a means to use two-factor authentication to aid the secure delivery of NFC, payment and identity services. The SIMalliance said that single factor authentication – where users log in to a mobile application or service using a password – has been shown to be inadequate as attacks on smartphone and tablet applications “increase in number and sophistication”.
By connecting the application to the Secure Element via the Open Mobile API, many of the security breaches we see today will become preventable, the SIMalliance hopes.
Created by the SIMalliance Open Mobile API workgroup, release v.1.01 of the Open Mobile API delivers the transport layer between the smartphone application and the Secure Element.
“The development of a standardised API is a very significant step towards reducing the threat of identity theft and fraud on today’s generation of smartphones and tablets,” says Frédéric Vasnier, Chairman of the Board, SIMalliance.
“Knowing their data is safe will increase consumer confidence and stimulate growing demand for new services – and that is good news for the user, the mobile operator and the hundreds of brands that now recognise the opportunities of engaging with their consumers on the mobile.”
You can read a position paper from SIMalliance here. The paper highlights the need for a change in how security is approached on the connected mobile device. It focuses on the need to create security (and security policy) at the development stage, and highlights the telecoms industry’s unique position of already having a solution to the problem.