In the context of the ongoing trends towards ubiquity of information and the increasing demand for personal mobility, the role of a smart mobile device (usually a handset or a tablet) is becoming more and more important as an enabling tool.
It is no surprise therefore that contactless technologies are gaining momentum in the connected world in general, and for applications like payment and transport in particular, as it represents a perfect fit for these modern requirements. Against this background the implications for near field communication (NFC) applications should be contemplated.
NFC transforms a mobile device into a platform for applications that will massively enhance consumers’ experiences when using their smartphones and related portable devices. The integration of NFC technology into mobile devices therefore marks a new stage in the evolution of personal mobility. Infineon strongly supports the NFC ecosystem with diverse security product offerings that meet the current and future requirements of the various device architectures in the market.
Established as an international standard (ISO/IEC 18092), NFC uses the principle of magnetic induction coupling to create a 13,56 MHz radio signal when two devices are within close range of each other. In fact, users need only tap a compatible reader or other NFC-equipped passive or active device with their own NFC device to create a link. The NFC counterpart can be another mobile device, a terminal, a reader (for example, in a retail store) or a passive NFC tag.
NFC supports two main application categories: open applications and secure applications. Open applications are primarily used for information exchange and do not require strong privacy or data protection. Secure applications, on the other hand, are just the opposite.
Both the end user as well as their service provider, require access to personal and financial information which should be protected by a similar level of security as used in their payment smartcards and secure ID documents. This requires hardware-based security provided by so-called ‘secure elements’.
The popularity of various secure NFC applications, including proximity mobile payment or ticketing in public transport systems, is gaining momentum as local scheme trials give way to national rollouts.
Paving the way to NFC adoption
As NFC becomes more and more important for future applications, it has to be considered that the adoption is still taking off slowly. This does not necessarily mean that the expectations regarding NFC have been too ambitious, but the complexity of the ecosystem and the number of stakeholders, especially for secure applications, is indeed a challenging factor. Therefore it is worth having a closer look at contactless card applications as a first step, as these applications could be also treated as enablers for NFC.
Two primary trends are taking shape when it comes to these technologies. First of all it is expected that co-existence of contactless cards and NFC emulated card applications will drive the adoption of NFC in general. This is for instance perceptible in transport and eTicketing which already have a solid contactless infrastructure and also use this as a basis for enhanced NFC applications.
Secondly, there is a clear trend towards so-called OCFA (one card fits all) applications which allow multiple applications and services to be accessed or used with one card only. In this case an eTicketing card could for example also be used for micropayments and/or access control or eID applications, to mention just a few. Such applications can be regarded as vanguard for NFC-based wallet applications. For this reason the adoption of NFC goes hand in hand with typical contactless card applications, all of which are supported by Infineon with dedicated products.
The need for hardware-based security
According to the international chip card association Eurosmart (November 2013), shipments for secure elements are expected to reach 435 million pieces in 2014 – more than four times the number of devices shipped in 2012.
Because of its specific characteristics, the secure element is not likely to be integrated into another system chip in mobile devices.
Security controllers used for secure elements have a unique physical design and dedicated features that fulfil extensive security certification requirements. They offer the best possible in-system performance, especially for cryptographic algorithms, with the smallest possible footprint.
Current NFC-enabled devices combine a contactless front-end (CLF) modem together with a secure element in different form factors to suit the requirements of handset manufacturers and/or service providers. For other business models, NFC functionality can also be supplied via a MicroSD card with its own CLF and secure element.
Over time the CLF modem in the handset will be replaced by the ‘RF connectivity device’; this will certainly follow the typical path of smartphone integration, in which all RF communication protocols such as Wi-Fi, Bluetooth and now NFC are supplied by a single communication device.
The requirement to support several business models in the NFC ecosystem as described above will lead to an NFC architecture that features more than one secure element. These could be provided in several form factors e.g. SWP-UICCs in a SIM card format or secure element ICs for embedded formats. Consequently, Infineon expects that its flexible approach to secure element implementation can best help its partners to meet their goals.
Various participants in the NFC ecosystem have clear paths for implementing their applications. These must be balanced between the business model requirements of mobile network operators (MNO), handset manufacturers (HSM) and other independent service providers.
In addition to typical authentication functionality, NFC SIMs support NFC applications and the services from MNOs, while HSMs usually integrate an embedded secure element to manage their own secure NFC applications and establish a secure ‘root of trust’ for their mobile device services against malware.
Methods of securing NFC applications
Infineon supports the NFC ecosystem with diverse security product offerings that meet contemporary and future requirements of the various NFC platforms on the market. They are certified according to the international common criteria standards and have also been approved by the payment card industry consortium EMVCo (American Express, JCB, MasterCard, Visa).
Different implementation paths are supported to bring hardware-based security directly into mobile devices and cover embedded secure elements, UICC/SIM based secure elements as well as dual-interface secure elements (e.g. the boosted NFC secure element).
In addition to NFC-enabled devices, the last key part in the adoption of NFC technology involves NFC tags. These are enabling technology for open applications such as hardware device pairing or information exchange, and make NFC convenient and easy to use for all consumers.
The end-customer’s decision
Open applications act as trailblazers for secure applications. The latter have verifiably higher requirements in terms of infrastructure and players involved, and must therefore deal with a more complex ecosystem. To speed up the adoption of NFC, two factors need to be considered:
* Market acceptance of NFC is much easier to achieve via open ‘tap and use’ applications which have no real market entry barriers resulting from the NFC ecosystem.
* The convenience factor of this kind of application is easy to understand for the end customer, who is ultimately a very important factor when it comes to the success of NFC. The technology’s adoption will only take off if the end customer really understands the advantages of NFC and therefore demands a dedicated NFC device.
Current conditions are ideal for the emergence of such technologies as consumers no longer use their mobile phones merely for communication but also as transaction tools. It goes without saying that it is reasonable to bring NFC handsets and tablets to the market without consumer demand existing, but without real adoption by the end customer, it will be just another technology stuck in a niche.
Therefore one success factor to achieve widespread NFC adoption lies in educating the end customer; they will only adopt this technology when they can generate benefits from its use and when they are also aware of these benefits. Such benefits can include, for example:
* Improved personal mobility.
* Reduction of transaction times (e.g. for transport and ticketing applications).
* Simplified transactions (e.g. for receiving information).
* Ubiquity of receiving information (e.g. even if a network is not available).
* Increased security level of transactions (e.g. for mobile payment).
* Use of one device for many applications (e.g. wallet functionality).
* Ubiquitous exchange of information and use of services.
* Interoperability between devices.
Up until now, as surveys show, the knowledge about the benefits of NFC has not effectively reached the end customer. This means there is still a lot of work to do regarding clarification. From the perspective of who has the closest link to the end customer, particularly companies who offer B2C products and services are in a good position to be the evangelists. These companies are, for instance, banks, service providers, MNOs, retailers and handset manufacturers, who should involve themselves in this activity.
Moving toward mass deployment
By offering secure and open services, NFC technology could finally transform our mobile devices into wallets, tickets and even keys. Imagine paying for groceries at the checkout with your smartphone or holding your cellphone in front of an NFC-enabled turnstile to access your underground train station.
In an NFC ecosystem, billboards become storefronts where you can request information, cash in the form of vouchers or even order products. And to transfer content, photos or money, all you need to do is touch your phone to a friend’s.
All of this will become reality soon, and Infineon intends to support this development with adequate security products.
For more information contact Davis Moodley, Infineon Technologies, +27 (0)11 706 6099, www.infineon.com
|Tel:||+27 11 706 6099|
|Fax:||+27 11 706 9049|
|Articles:||More information and articles about Infineon Technologies|
© Technews Publishing (Pty) Ltd | All Rights Reserved