The home of secure mobile services
Overview
BAKTAT
Smartphone
Chipcard
Secure application
A number of new, revitalized services
here is how BAKTAT works
1
Customer selects a mobile application, service, which needs security.
2
The application is installed on a smart phone just like any other regular mobile application
3
A secure application differs from the regular ones because it also has a sensitive component which requires protection and needs to be stored in a secure chip. This chip may be a microSD card, a plastic chip card, or in the future even your SIM card in the mobile phone, if your operator lets you use it.
4
Loading of the sensitive component into the secure chip is integrated into the installation of the mobile application seamlessly and conveniently, hiding all the technical complexity from the end users and the service providers.
5
When deployment is completed, the mobile phone or the plastic chip card is ready to be used for payment, entry, identification, authentication, etc. The best thing is that even multiple of the services/credentials can be stored in the chip simultaneously.
Why is BAKTAT unique?
...Before
BAKTAT
Card provided by the service provider
Single service preloaded on the card
Multiple cards – each for a specific functions
No addition or removal of apps
User buys a chip card or rents space on a chip
User decides which services to have on the card
Multiple applications on a single chip
Content can be dynamically configured
Technology

We claim that we change the way how traditional industries work. We provide new opportunities for market development and service delivery.
Using the BAKTAT architecture service providers can reach all their present and potential customers remotely, anywhere, all the time. New services, and/or additional value added functions can be provided. Less office space, less counters, less terminals will be needed, there is uncompromised security, and customers will receive more efficient, more flexible, and personalized service.
We want to prove that secure mobile service delivery is a must have technology.

Our infrastructure BAKTAT is based on a robust, modular cloud based infrastructure which can be accessed by service providers and secure element issuers using our published APIs. If for security or other policy reasons you prefer to have your own architecture it is also possible to deploy locally the modules you need. BAKTAT complies with various industry specifications, primarily with that of the Global Platform and it satisfies EAL4 security requirements.

The components of the architecture are:

IC

The Installation Controller is the workflow management component of the architecture. It is coordinating the overall confidential card content management procedure based on scripts composed by card and application specific parameters. The IC also performs the dynamic technical assessment of the target platform as well as the conflict rule assessment.

CMS

The Card Management System contains all information about the different types of chips (secure elements) managed by the BAKTAT systems. It also records and monitors all card life cycle and in-life management activities of the individual chip cards, providing a valid, up to date status overview of all the cards enrolled into the service.

AMS

The Application Management System carries out all the application related activities on the chip cards. The module assures that the chip card platform and the application to be loaded onto the card are corresponding to each other. It also assures the security compliance between the chip and the application. The AMS also stores all the rules and service provider specific preferences which direct the loading procedure.

KMS

The Key Management System performs all the security functions, like key generation, key derivation, key query, encryption and decryption, key storage and key exchange, random generation, MAC calculation, signature and verification, token management and communication protection with secure channel which are related to the BAKTAT architecture. It is connected to a HSM module using PKCS#11 interface.

LOADER

The Loader performs the over the air, remote communication between the back office and the chip card in the smartphone. It composes all the low level APDU messages which are necessary to communicate with the chip card.
Loading the player...
Use Cases

Ticketing

If you need a train ticket and do not want to bother with queuing in the line at the ticket counter, and do not want to worry about forgetting the ticket at home, then you better buy the ticket using your smart phone, and have it delivered into your handset. When the ticket arrives you may decide, whether you want to use a microSD card to store this ticket, or regular plastic chip card, or eventually even your SIM card if your mobile operator supports this option. The ticket can be presented for entry or control by using the mobile phone.

Access Control

Many offices need some kind of entry card, or in case of visitors, registration at the reception in order to enter the premises of a company. With BAKTAT you can distribute your company’s access credentials to your employees right onto their handsets. Also you can invite your visitors by sending their invitations, containing their temporary access permits to their phones, thus freeing up security personal from issuing and collecting the visitors’ entry cards. This is a convenient and efficient way to manage your access control function. The same technology can be used for sending out room keys to hotel guests or car keys for rental or shared cars.

ID card

ID cards, even multiple of them can be stored in a single chip. Issuing or renewing these cards can be done conveniently and securely by using BAKTAT. After an initial authentication remote distribution is just as secure, as the regular procedure, when the person must appear at the issuing office, however introducing remote distribution is a lot more efficient and user friendly.

Personal credentials

If you have a chip card, you should be able to use it for your own purposes as well. Presently there is not any commercial service which would provide you this option. If you get a chip card it is usually tied to a service provider or authority and is closed. No one can add any content to it anymore. With BAKTAT you can decide what you want to store on your own chip, and it can be any kind of personal information – like your health data - , or a password, or a car key, or even a private digital key, which you can use for personal authentication or authorization of remote transactions.

Smart Home

You probably have heard about digital signature. Having your secret key also stored on the chip, you can authenticate yourself remotely.
You may be one of the growing number of persons, who have a home surveillance system. If this system is state of the art, then besides just watching what is happening at home, you can also supervise certain functions. Turn the camera on or off, open or close the door, manage the thermostat. Without the right level of protection if you can do it, others can do it as well. Well, your secure credential on the chip in your mobile phone provides exactly the high level of security what you need for these actions.

Internet of Things (IoT)

Internet of Things (IoT) is the next big thing, it is revolutionizing technologies in many industries. Objects connected with each other, objects connected with a back office, sensors placed everywhere. You need a flexible, robust, secure solution which ensures that the communication between these objects is trusted and reliable but still flexibly manageable. Just think about the new remote health monitoring systems, or the connected cars which will impact the life of millions of people, and you will see how important it is what we are doing. We can guarantee the required level of security with BAKTAT

CASE Studies
#1
A transport service operator in a European capital is piloting a mobile ticket service and will be using BAKTAT to distribute the monthly certificates of its annual transport passes to selected users. The convenience and security is obvious for the travelers, and the ticket inspection is also automated with an application running on smart phones.
#2
An ICT company is sending out its meeting invitations to frequent partners to their mobile phones including the one time credentials they need to use for entering the premises of the company. The new solution saves time both for the personal of the company and provides an innovative, convenient user experience for the visitors.
#3
A regional transport company wants to assure that tourists have the opportunity to select the trips they want to make, and then they can use a regular transport card with loading the selected ticket type on the plastic chip card. BAKTAT will enable the smart phones to top up the cards as required.
#4
A Hotel wants to let its loyalty program members book their specific rooms, not just a room. What is more these guests would also receive their room keys online into their mobile phones, which then would be stored on a microSD or on the loyalty card of the guest. Upon arrival, having their keys already, these people can proceed directly to their rooms and do not need to show up at the front desk of the hotel.
#5
In a major cultural development program the program manager wants to combine transport and visitor cards offering combined benefits/discounts for the participants. The Cultural Pass would be managed over the air, remotely, using the tourists’ smart phone, and could be topped up, refreshed with daily promotions, providing lower cost entry to museums and access to special programs.
Our Partners
about

We are a research and development project consortium comprising four partners, SCH-PS Ltd., Fornax ICT Ltd., Bull Ltd., and the Budapest University of Technology and Economics. We are carrying out our research activity with the funding support of the National Research Development and Innovation Office. We have substantial experience in mobile communication technologies, wireless sensor networks, chip card and security technology as well as in large scale system development. The BAKTAT architecture will soon be made available to our partners as a full scale commercial service.

Contact

www.baktat.eu | info@baktat.eu
43 Szepvolgyi road, H-1037 Budapest