Applying the NFC Secure Element in Mobile Identity Apps. RANDY VANDERHOOF Executive Director Smart Card Alliance



Similar documents
An NFC Ticketing System with a new approach of an Inverse Reader Mode

Mobile Near-Field Communications (NFC) Payments

Mobile MasterCard PayPass Testing and Approval Guide. December Version 2.0

Security on NFC-Enabled Platforms

Significance of Tokenization in Promoting Cloud Based Secure Elements

Mobile/NFC Security Fundamentals. NFC Application Use Cases: Security Perspectives. Smart Card Alliance and NFC Forum Webinar May 9, 2013

Training. MIFARE4Mobile. Public. MobileKnowledge April 2015

Secure Authentication for the Development of Mobile Internet Services Critical Considerations

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

ACI TOKEN MANAGER FOR MOBILE: TOKEN SERVICE PROVISION, HCE AND EMBEDDED SECURE ELEMENT IN THE CLOUD

Bringing Security & Interoperability to Mobile Transactions. Critical Considerations

Banking. Extending Value to Customers. KONA Banking product matrix. is leading the next generation of payment solutions.

Near Field Communication (NFC) and Transit: Applications, Technology and Implementation Considerations

Security of Proximity Mobile Payments

NFC: Enabler for Innovative Mobility and Payment NFC: MOBILIDADE E MEIOS DE PAGAMENTO

Mobile Cloud & Mobile Ticketing

EMERGING PAYMENT PRODUCTS AND PAYMENT SYSTEMS

Frequently Asked Questions

Inside the Mobile Wallet: What It Means for Merchants and Card Issuers

Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?

Secure Authentication for Mobile Internet Services

Securing the future of mobile services. SIMalliance Open Mobile API. An Introduction v2.0. Security, Identity, Mobility

Mobile NFC 101. Presenter: Nick von Dadelszen Date: 31st August 2012 Company: Lateral Security (IT) Services Limited

C23: NFC Mobile Payment Ecosystem & Business Model. Jane Cloninger Director

OVERVIEW OF MOBILE PAYMENT LANDSCAPE

OVERVIEW OF MOBILE PAYMENT LANDSCAPE Marianne Crowe Federal Reserve Bank of Boston NEACH September 10, 2014

HCE, Apple Pay The shock of simplifying the NFC? paper

Social Media Payment Applications. June 6, 2011

GLOBAL MOBILE PAYMENT TRANSACTION VALUE IS PREDICTED TO REACH USD 721 BILLION BY MasterCard M/Chip Mobile Solution

How To Understand And Understand The Mobile Nfc Ecosystem

BGS MOBILE PLATFORM HCE AND CLOUD BASED PAYMENTS

Information Security Group (ISG) Core Research Areas. The ISG Smart Card Centre. From Smart Cards to NFC Smart Phone Security

SECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT

EMV-TT. Now available on Android. White Paper by

Mobile Payment: The next step of secure payment VDI / VDE-Colloquium. Hans-Jörg Frey Senior Product Manager May 16th, 2013

m Commerce Working Group

Key Topics in Mobile Payments. Marianne Crowe Federal Reserve Bank of Boston m-enabling Summit June 10, 2014

EESTEL. Association of European Experts in E-Transactions Systems. Apple iphone 6, Apple Pay, What else? EESTEL White Paper.

Bank. CA$H 2.0 Contactless payment cards

Using an NFC-equipped mobile phone as a token in physical access control

The Convergence of IT Security and Physical Access Control

NFC Test Challenges for Mobile Device Developers Presented by: Miguel Angel Guijarro

Transaction Security. Advisory Services

Secure your Privacy. jrsys, Inc. All rights reserved.

Mobile Cloud Computing

A Secure and Open Solution for Seamless Transit Systems

HCE and SIM Secure Element:

The Convergence of IT Security and Physical Access Control

The future of contactless mobile payment: with or without Secure Element?

NFC-Enabled Payments and the Role of the Trusted Service Manager

Ingenious Systems. Evolute System's. Mobile Payment. Initiative

Mobile MasterCard PayPass UI Application Requirements. February Version 1.4

Threat Modeling for offline NFC Payments

NFC Application Mobile Payments

Mobile Electronic Payments

NFC Tags & Solutions. Understanding Near Field Communication (NFC) Technology. Executive Summary

The Contactless- NFC Project of ATM Barcelona

Documentation of Use Cases for NFC Mobile Devices in Public Transport

Mobile Financial Services Business Ecosystem Scenarios & Consequences. Summary Document. Edited By. Juha Risikko & Bishwajit Choudhary

Application of Near Field Communication Technology for Mobile Airline Ticketing

Mobile Financial Services

The Mobile Money Revolution. ITU-T Technology Watch Report May Part 1: NFC Mobile Payments

Trends in der Forschung für kontaktlose Anwendungen

Evaluation of the world s first pilot using NFC phones for check-in and hotel room keys

Transaction Security. Test Tools & Simulators

Executive Summary P 1. ActivIdentity

Stronger(Security(and( Mobile'Payments'! Dramatically*Faster!and$ Cheaper'to'Implement"

Touch & Travel a SIM-based eticketing System

NFC Mobile Handset High Level Requirements V2

MOBILE NEAR-FIELD COMMUNICATIONS (NFC) PAYMENTS

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

The Impact of Emerging Payment Technologies on Retail and Hospitality Businesses. National Computer Corporation

NFC. Technical Overview. Release r05

EPC Version 2.0

NACCU Migrating to Contactless:

The Role of the Trusted Service Manager in Mobile Commerce

Mobile/NFC Standards Landscape Reference Guide

mobile NFC technical guidelines

CANADA VS THE USA - THE CONTRAST AND LESSONS FOR MOBILE PAYMENTS

SAFE SYSTEM: SECURE APPLICATIONS FOR FINANCIAL ENVIRONMENTS USING MOBILE PHONES

Android pay. Frequently asked questions

Mobile Phone Technology: Smarter Than We Thought

Use Cases for Mobile NFC Meeting Retail

Security Analysis of Mobile Payment Systems

Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER

permitting close proximity communication between devices in this case a phone and a terminal.

Transcription:

Applying the NFC Secure Element in Mobile Identity Apps RANDY VANDERHOOF Executive Director Smart Card Alliance Session ID: MBS - 403 Session Classification: Mobile Security

Agenda Agenda topics NFC basics: functionality and security NFC ecosystem for payments and identity/security Challenges for a mobile identity apps using NFC 2

Near Field Communication (NFC) Near Field Communication (NFC) is a shortrange wireless connectivity technology (also ISO/IEC 18092) Communication occurs when two NFC-compatible devices are brought within four centimeters of one another. NFC operates at 13.56 MHz and transfers data at up to 424 Kbits/second. The primary uses of NFC are to: Peer-to-Peer: Exchange data or connect devices, such as wireless components in a home office system or a headset with a mobile phone Reader/Writer: Access digital content, using a wireless device such as a cell phone to read a smart poster embedded with an RF tag Card Emulation: Make contactless transactions, including those for payment, offer redemption, access, and ticketing 3

Mobile Application Security No Security limited or no protection of data stored on mobile device Ex. Facebook profile, shopper rewards number Basic Security data can not be accessed or duplicated easily, economically impractical to use protected data Ex. Gift cards, transit pass, low value prepaid Hardened Security encrypted, many security levels, stored in secure element Ex. Bank cards, drivers license, log-in data, high value prepaid 4

NFC and Application Security Several secure architectures are available to implement NFC applications: Removable elements: UICC (SIM) based secure element communicating using the Single Wire Protocol (SWP) with the NFC controller SD card-based secure element uses the SD card format to provide the security features required by the applications Non-removable elements Embedded hardware secure element uses a non-removable SIM-type element that is part of the mobile phone Secure element features in the mobile device as part of the baseband processor 5

What the NFC Ecosystem Looks Like The Trusted Service Manager (TSM) provides a contact point between service providers and NFC mobile phones. Service providers can provide NFC mobile phones with remote multi-application management functionality through the TSM 6

What the NFC Payments Ecosystem Looks Like Using Mobile Devices? 7

What the NFC Identity/Access Ecosystem Looks Like Using Mobile Devices? 2 Identity issuer/ broker 3 Identity management system 4 Security system 5 Network system 8

Trusted Channels of Communications POS or Door reader Issuance Institution Acceptance Institution 9

Identity Credentials on a Mobile Device Challenges Private Keys/ non-repudiation Private keys currently generated on card and not exportable/ clonable under FIPS 201 to other tokens (but NIST examining it) Who owns and manages Secure Element? MNOs? Handset Maker/ OS-apps-cloud services provider? End-user/ Employer or gov t agency (MicroSD)? Mobile credentials delivery Reading existing FIPS validated PIV card using 14443 protocol MicroSD as a separate token issued and managed by end user CMS to mobile device manager to mobile device with embedded secure element full credential with cryptographic signing keys 10

Alternatives to NFC for Payments Identity/Access alternatives are similar but the availability has not fully matured 11

What Is Left To Be Done? Knowledge Gap Surrounding NFC technology Technical: How NFC services work on multiple brands and models NFC security models (USIM, MicroSD cards, Embedded SE) Payments and Access Security: Understanding end-to-end security Consumer Awareness and Acceptance Training How does it work? When & where to use it Where will end-user applications come from? Will NFC accelerate contactless reader and digital credentials acceptance? Satisfy regulators, media, security professionals about data protections and security methods or 12

How to Apply What You Learned Today How to Apply It Apply mobile payments lessons learned to identity apps Extend existing security architecture to include mobile issuance and transactions Use state of the art digital credentials on mobile devices to leapfrog existing technology shortcomings 13

Thank You.Questions? Randy Vanderhoof Executive Director Smart Card Alliance 191 Clarksville Rd. Princeton Junction, NJ 08550 (800) 556-6828 rvanderhoof@smartcardalliance.org www.smartcardalliance.org 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information