The StoLPaN project has elaborated a post issuance management process which is described in its 1st White Paper (can be found on this site: )

The DIAD_NFC project has elaborated a detailed procedure and implementation based on the initial Stolpan specification which has the following objectives:

The application post issuance procedure should be

quasi real time

waiting time with staying connected

fully automated

adaptable workflow

technologically transparent

any architecture


single procedures for the service providers

homogenous user experience

secure but flexible

distributed architecture

multiple CAs

manageable even between unknown, ad hoc parties

open and interoperable

supportable with a reasonable business model

The process, which fulfills the above requirements, consists of the following steps:

User (Card Holder) identifies a service – (service discovery)

smart poster, web, etc, SMS link, etc.

User contacts the Service Provider, to request the loading of an application into the handset

User Agent Profile info (built into the data communication)

internal communication between Service Provider and Service Provider Security Domain Manager (SP SDM = TSM)

User requests loading of a cardlet from SP SDM

service request using data channel initiated by the User

the User provides details of its technical environment for the SP SDM

Secure Element info (provided by the phone application)

contact details to the Secure Element Issuer Security Domain Manager (SEI SDM = SEI TSM) (collected from the Secure Element)

SP SDM assesses the technical conditions, and identifies SEI SDM

exhaustive specification of technical environment – handset and card

stored card info (closed loop) or any card info (open loop)

Negotiation between SP SDM and SEI SDM – multi step process

SP SDM request the loading of its application and describes itself (application profile)

SEI SDM assesses the application, describes itself and the loading conditions (card profile)

Cross certification of application

SEI SDM initiates loading over the open channel through the SP SDM

use of data channel over a proxy

SEI SDM provides SP SDM with the security keys to complete loading