User Centric Smart Card Ownership Model
Currently working on the User Centric Smart Card Ownership Model (UCOM) and the motivation came from the introduction of new technologies and exploration of different business models in which a mobile phone based smart card (secure element) has multiple applications (i.e. banking, fare charging, and telecom, etc.) and can be used as a contact-less smart card is encouraging.
However, the ownership issues may still cause the deceleration in its wide-scale adoption. Therefore, we present a different approach towards this problem. Instead of trying to solve the smart card control issue among the card issuers, we propose to delegate the control to its users. Such a model that provides more flexibility, convenience and gives the control of the smart card to its users is referred to as User Centric Smart Card Ownership Model.
The term ownership (control) in the proposed model means smart card users can choose (any) application(s) independently and ubiquitously to be installed or deleted from their card(s). The ownership does not imply that they also own the platform that supports the model or any installed application(s). The platform ownership will enable an entity to change its functionality and if its ownership is with a malicious entity then effectively they can retrieve the sensitive information about any application(s) installed on the card.
Therefore, for security reasons the platform ownership will remain with the platform itself. No external entity including the smart card manufacture will have the ownership. The application(s) installed on the smart card will always be in total control of the application issuers (i.e. Service Providers) and user will be entitled to uses these applications under the lease policy of the respective Service Provider.