Role of the Secure Element in the New and Evolving NFC Landscape · 07/10/2015

Hervé Pierre Chairman, SIMalliance 8 October 2015 Role of the Secure Element in the New and Evolving NFC Landscape

Introduction

NFC Ecosystem: Overview

A Comparison: HCE and SE

Why ‘One Size Fits All’ Doesn’t Apply for NFC: Technology Relevance by Use Case

Conclusion

Securing the future of mobile services

Security, Identity, Mobility

SIMalliance: Who we are

SIMalliance members represent approx 90% of the global SIM market and deliver the most widely distributed secure application delivery platform in the world (UICC/SIM/USIM).

Examples of SIMalliance Deliverables

> UICC* Device Implementation Guidelines

– Outline fundamental and optional UICC features device vendors need to support to optimise UICC interoperability in future devices.

> UICC LTE Profile

– A collection of requirements for optimal support of LTE/EPS networks by UICC.

> Stepping Stones Documents

– Best practices for development of interoperable applications (USIM, NFC, SE).

> Open Mobile API

– Standardised way to connect mobile apps with all SEs on a device to provide a more intuitive interface and increasingly powerful functionality.

– Enables delivery of highly secure business and consumer mobile applications across all SE form factors.

– Referenced by GSMA (NFC Handset & APIs Requirements and Test Book).

– Open Source implementation (Seek-for-Android).

– Implemented in nearly 250 models of Android (NFC) Smartphones.

(*) UICC=UMTS Integrated Circuit Card

The NFC landscape is growing and converging….

Key market drivers:

• Apple Pay

• Other applications (i.e. transit in China)

• Choice of deployment technologies

Complementary technologies are emerging:

• HCE, SE (SIM/eSE), TEE, hybrid models

Each will play a part in a future NFC landscape which offers a graduated security approach

2014: Consolidation of NFC infrastructure

2014: Growth in NFC SIM volumes

The NFC ecosystem

HCE – an additional NFC technology

Before HCE:

Card emulation transactions were isolated from the host OS.

Android 4.4 introduces HCE:

An application running on the Android OS can emulate an NFC smart card outside of an SE.

Emergence of hybrid models

Multiple possibilities being defined, e.g.:

• MNO / SIM

• OEM / eSE

• HCE / tokenisation

• Combinations of the above

Variance according to use case / service requirements

There are challenges with each deployment model…

> SIM-SE (MNO centric model)

– Recognised business model and technical challenges in development / deployment

– Market fragmentation issues to be overcome

> Embedded SIM / eSE (OEM model)

– Closed systems / ‘walled garden’ approach with one party in control

– Market fragmentation issues to be overcome

> HCE

• Costs, risk and responsibility are borne by the service provider

• Security constraints

• Only works on devices running Android 4.4 and Blackberry OS

• HCE doesn’t work when device is powered off

• Does not currently support many transit applications

• Fragmentation between device OS

• Ecosystem not standardised / fragmentation

• To enhance security, HCE can be used with tokenisation, yet:

o Certification framework not yet established for HCE / tokenisation.

o Network coverage needed for token download / usability impact.

• High profile announcement suggests tokenisation requires a hardware SE for acceptable security.

But equally there are benefits… HCE

Simplified deployment model for global service providers

Global reach for Android 4.4

Opens up NFC to application developers

Increases breadth / volume of NFC services

Increases end user NFC familiarity / acceptance

Security can be enhanced via a hybrid approach

But equally there are benefits… SE

Highest grade of application security.

Established compliance / certification schemes.

Usability: SE services work when device is powered off

Only SE supports many transit applications

NFC SIM infrastructure is globally available, established and proven

SIM = most trusted business model for deploying secure mobile services

High profile endorsement that SE is best suited for NFC payment applications

HCE and SE – A security comparison

HCE

• Software only approach to security

• Applications run on the rich OS (vulnerable to malware / attacks)

• Standalone HCE = no application security

• No certification scheme to date

• ‘Acceptable risk’ judgement required / issuer liabilities

• Ecosystem not yet standardised

• Two key approaches to enhance security (hybrid models):

1) Combination of software and backend security mechanisms

2) Utilisation of SE

SE

• Tamper resistant hardware plus software offers highest grade of security

• SEs rely on extremely secure chips; variety of form factors

• Application and credentials stored securely together within the SE

• SEs provide separate memory for each application, allowing no interaction between them

• Recognised security; established certification scheme and proven track record

• Standardised ecosystem

One size most definitely doesn’t fit all…

There are benefits to both HCE and SE:

• Service providers to use judgement / risk assessments to establish a suitable deployment model for their specific use case.

• An open SE architecture offers the widest choice to all service providers, based on unique security and deployment (business model) choices.

• HCE and the SE sit at extremes of security spectrum: hybrid approaches offer graduated security and further choices.

SIMalliance recommended deployment model by use case

Comparison: Assessment of NFC technology by key criteria

[Figure: comparison chart. Legend: Not recommended; Recommended; Maybe, depending on implementation. Labels: Security, Market reach, Application, Technology.]

Conclusion

> SE, HCE and hybrid NFC deployments are all now in existence.

> Steep ascent of learning curve:

– how can technologies be leveraged to provide maximum benefit to specific use cases?

> Deployment models will continue to evolve; undefined hybrid models will materialise.

SIMalliance anticipates a future where SE and HCE will continue to co-exist, and in many cases converge.

This will be the basis of an optimally efficient and secure NFC ecosystem.