About NFC

Near Field Communication (NFC) is a standards-based, short-range wireless connectivity technology that enables simple and safe two-way interactions between electronic devices. NFC technology enables consumers to perform contactless transactions, access digital content and connect devices with a single touch.

When NFC is implemented in a mobile phone, the user can pay, gain access, buy a ticket, request information or exchange contacts by touching a tag with the phone.

Major use cases supported by NFC

The simplest use case for NFC is touching NFC tags in the so-called Reader/Writer Mode. Tags are small, inexpensive chips containing information.

NFC defines the content of such tags to allow interoperability between readers (like in mobile phones) and tags. Tags can carry proprietary data or standardized information recognized by any NFC phone or. These “Service Tags” allow easy access to a Web site via storing a URL (also called “SmartPoster” application) or allowing call back requests or SMS services via the NFC mobile phone. Service tags are supported as a standard feature on any NFC-certified device.
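An added example (not part of the original page): a reader-side check for the URL-carrying Service Tags described above, run before any browser is launched. It assumes the tag holds a single NFC Forum NDEF URI record (a format this page does not name) and an https-only launch policy; `parse_uri_record`, `vet_tag_url` and the sample bytes are hypothetical names and constructed data.

```python
from urllib.parse import urlsplit

# URI identifier codes of the NDEF URI record (subset; 0x00 means no prefix).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:"}
ALLOWED_SCHEMES = {"https"}  # assumption: this example reader's launch policy

class NdefError(ValueError):
    """Tag content is malformed or rejected by policy."""

def parse_uri_record(data: bytes) -> str:
    """Decode one well-known 'U' record, bounds-checking every length field."""
    if len(data) < 3:
        raise NdefError("record too short")
    flags, type_len = data[0], data[1]
    if flags & 0x20:  # CF bit: chunked payloads are out of scope here
        raise NdefError("chunked record")
    size = 1 if flags & 0x10 else 4  # SR bit selects a 1- or 4-byte length
    payload_len = int.from_bytes(data[2:2 + size], "big")
    pos = 2 + size
    id_len = 0
    if flags & 0x08:  # IL bit: an ID length byte follows
        id_len = data[pos] if pos < len(data) else 0
        pos += 1
    end = pos + type_len + id_len + payload_len
    if end > len(data):  # declared lengths must fit the bytes actually read
        raise NdefError("length fields exceed tag data")
    rec_type = data[pos:pos + type_len]
    payload = data[pos + type_len + id_len:end]
    if (flags & 0x07) != 0x01 or rec_type != b"U" or not payload:
        raise NdefError("not a URI record")
    if payload[0] not in URI_PREFIXES:
        raise NdefError("unsupported URI prefix code")
    try:
        return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")
    except UnicodeDecodeError as exc:
        raise NdefError("URI is not valid UTF-8") from exc

def vet_tag_url(data: bytes) -> str:
    """Return the URL only if policy allows handing it to the browser."""
    url = parse_uri_record(data)
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise NdefError("scheme or host not allowed")
    if parts.username or parts.password or any(ord(c) < 0x20 for c in url):
        raise NdefError("credentials or control characters in URL")
    return url

# Constructed sample: short 'U' record, prefix code 0x02 + "example.com".
SAMPLE = bytes([0xD1, 0x01, 0x0C, 0x55, 0x02]) + b"example.com"
```

Tag content is untrusted input, so the length check and the scheme allow-list both run before the URL reaches any handler.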

NFC is not only about contactless tag reading transactions but also about storing cards and making the phone a “virtual card”. This Card Emulation mode requires security.

To store cards not just virtually but inside the phone, secure storage is required that works the same way on every NFC phone. This storage is called the Secure Element (SE). It hosts Applets developed in JavaCard, so that secure logic can reside and run inside the phone.

Applets communicate with external contactless readers via the contactless NFC interface, or with the app running on the phone. The first channel is used, for example, when the phone is waved in front of a contactless POS terminal, whereas the second is used to visualize physical cards in the Wallet.

Which modes of operation are offered by NFC technology?

Mode of Operation: Reader / Writer Mode
Description:
  • Reading of (and writing to) passive NFC tags, typically SmartPosters
  • Needs phone to be in active standby
Use for:
  • Launching the browser when touching a SmartPoster tag
  • Launching an app when touching a tag
  • Advertisement of services
  • Collecting coupons etc.

Mode of Operation: Card Emulation (using the Secure Element)
Description:
  • Emulation of cards accessible via APDU communication sent by a reader / writer (terminal) to the NFC enabled mobile phone holding virtual cards
  • Virtual cards are stored in Secure Element
  • Compatible mode to existing contactless cards (debit, credit,…
Use for (main use case):
  • Payment cards like PayPass, payWave
  • Ticketing cards
  • Access control cards

Mode of Operation: Peer-to-Peer mode
Description:
  • Communication between two NFC enabled active devices
  • Requires app to run on mobile phone to support P2P protocol
Use for:
  • Contactless services that want independence from Secure Elements
  • E.g. used for ticketing, money transfers or lower security access control applications

The following picture outlines the integration of these modes into an NFC-enabled handset:

How are Secure Elements managed?

Secure Elements can hold many cards from many issuers at the same time. Therefore, managing the cards, and loading and personalizing them in a secure way, is critical.

Topic: Where are the Secure Elements?
Answer: SEs can be based on SIM cards (USIM), embedded SEs, uSD cards or external adapters.

Topic: How do cards get into the SE?
Answer: They are either pre-loaded on the SE or loaded in an Over-The-Air (OTA) Provisioning process.

Topic: How are cards personalized?
Answer: After the OTA Provisioning process there is an OTA Personalisation phase to configure data like cardholder data.

Topic: How is the OTA process secured?
Answer: There are secure cryptographic protocols defined by GlobalPlatform.

Topic: Who installs cards on the SE?
Answer: Typically a Trusted Service Manager (TSM) fulfils this role.

Topic: Who can control this process?
Answer: The Issuer of the SE has the Master Keys and can control the OTA process both technically and commercially.