NFC Standards for the NFC Ecosystem FINAL 103112


NFC Standards

Standards for the NFC Ecosystem

An Interactive Experience for the Mobile Community

Bart van Hoek

Smart Card Alliance Mobile and NFC Council

Smart Card Alliance & UL Transaction Security

2012 UL LLC. UL and the UL logo are trademarks of UL LLC 2012.

Transit Infrastructure

Standards and specifications shown: ISO/IEC 24014, EN 1545, ITSO, VDV-KA, Calypso, SDOA, CFMS, OSPT CIPURSE.

Diagram labels: Standard; Specification; US Standard; Implementation (Easy Card); EU Standards; Multiple Implementations; Defines Data Elements; Integrated Ticketing On Organizational Level.

CFMS: Contactless Fare Media Systems

ITSO: Integrated Transport Smartcard Organisation

VDV-KA: Verband Deutscher Verkehrsunternehmen

SDOA: Specification Document Open Architecture

CFMS Architecture

Part I Introduction and Overview

Part II Contactless Fare Media Data Format and Interface Standard

Part III Regional Central System Interface Standard

Part IV System Security Planning and Implementation Guidelines

Part V Compliance Certification and Testing Standard

Architecture components: Regional Central System, Agent Central System, Concentrator, Card Interface Device, PICC.

Transit Fare Medium

MIFARE4Mobile

Legend: a marker on the slide denotes deprecated items.

BofA

ING

MRT

AJAX

Card-becomes-app

Provisioning

This access section provides an overview of the relevant standards for contactless access control mechanisms.

Access protocols need to be quick; therefore, implementations are often built upon the same standards that are used in transit.


Diagram labels: Contactless / NFC Readers/Terminals; Contactless Card; Handset (Card Emulation); Wall; Desktop; Logical Access; Physical Access.

Card centric access control has been standardized in the U.S. Government under FIPS 201 (PIV), or mainly uses proprietary de-facto specifications such as iCLASS and MIFARE. These specifications are being ported to mobile and build upon the known contactless standards.


Around 300 e-ticketing schemes worldwide

Internationally there are many different e-ticketing schemes. It is out of scope of this presentation to discuss each scheme individually. This slide shows a selection of examples of the various transit schemes in the world.

The international standards contain standards on a business level which specify how ticketing should be arranged on an organizational level and provide standards that define the data elements for the cards and point of interaction. Some national specifications have adopted these international standards and added requirements to customize them to local needs.

This core section does not define standards that are required for every NFC implementation.

Instead, it defines standards that are industry agnostic. For example, functions like data provisioning, the use of a secure element (SE), or secure element access control are optional for each NFC implementation.

SE Access Control - Overview

Diagram components: OS / Baseband; CLF; Secure Element; User Interface; Secure Application; SE Access Control.

OpenMobile API: SEEK is an implementation on Android.

SE Access Control: GPAC or GAAC standard.

Secure Element - Diagram

Diagram layers: Runtime Environment (Java Card / MULTOS); Proprietary Specifications; GlobalPlatform API; Security Domain; Application; OPEN and GlobalPlatform Trusted Framework; RTE API.

Provisioning channels: Physical; Over the Wire; Over the Internet; Over the Air.

Diagram components: CLF; Secure Element; Secure Application; OS / Baseband; User Interface; Trusted Service Manager; Service Provider.

Provisioning is the activity where an external party (e.g., the TSM) provides the secure application and/or credentials to a secure element.

Over the Internet: Handsets with a data connection or access to WiFi can communicate with the TSM over TCP/IP.


The user interface is an application that runs on the operating system of the handset. It allows the user to interact with other components and allows the user to select a payment card or enter a passcode.

Specific payment products have been designed to store additional data to add e-ticketing functionality such as check in, check out, time, and travel credit.

General overview

Secure Elements

Service Provider Host

Trusted Server Manager(s)

MNO Host

Handset

Acceptance Device

Mobile Handset