A Privacy Preserving Application Acquisition Protocol

Raja Naeem Akram, Konstantinos Markantonakis, Keith Mayes

Research output: Other contribution

12 Citations (Scopus)


In the smart card industry, the application acquisition process involves the card issuers and application providers. During this process, the respective card issuer reveals the identity of the smart card user to the individual application providers. In certain application scenarios it might be necessary (e.g. banking and identity applications). However, with introduction of the Trusted Service Manager (TSM) architecture there might be valid cases where revealing the card user's identity is not necessary. At the moment, the secure channel protocols for traditional smart card architecture including the TSM does not preserve the privacy of the card users. In this paper, we propose a secure and trusted channel protocol that provide such feature along with satisfying the requirements of an open and dynamic environment referred as User Centric Smart Card Ownership Model (UCOM). A comparison is provided between the proposed protocol and selected smart card protocols. In addition, we provide an informal analysis along with mechanical formal analysis using CasperFDR. Finally, we provide the test implementation and performance results.
Original languageEnglish
PublisherIEEE Computer Society Press
Place of PublicationLiverpool, United Kingdom
Publication statusPublished - 1 Jun 2012


  • Cryptography
  • Secure Protocol
  • Trusted Protocol
  • Smart Card
  • GlobalPlatform
  • Java Card
  • Application Download
  • Common Criteria
  • GlobalPlatform Consumer-Centric Model
  • User Centric Smart Card Ownership Model
  • Issuer Centric Smart Card
  • Privacy Preserving
  • CasperFDR
  • Performance Evaluation


Dive into the research topics of 'A Privacy Preserving Application Acquisition Protocol'. Together they form a unique fingerprint.

Cite this