Architecture & Development of NFC Applications Mobile Java development, Java Card, USIM and touch-based services Thomas de Lazzari Smart-University 2009
Presentation • Project Manager at the University of Nice with Serge Miranda • Ticket TAP • Campus Nova • NFC Container • NFC Forum competition (WIMA, Monaco) • R&D Team in Morocco (mobile money transfer) • Blog: http://tdelazzari.blogspot.com
Campus Nova • NFC trial with Credit Agricole and mobile payment at the student cafeteria in Sophia-Antipolis
Ticket TAP mobile is digital, targeted and personal Receive personalized offers Read and seek valuable offers ? VS. 50% reduction for girl students at the star light Dance Club Come & see us: Get 10% off ladies bags until tomorrow Present Future
Objectives • Introduction to NFC, its Ecosystem • Radio Frequency Identification • Contactless cards • Standardization bodies • Roles and Actors • NFC tags • NFC on a SIM card • Smart Cards • NFC services • use cases • Pilots and business aspect • Available devices
Objectives (2) • NFC for developers • Dev kits • Reading/Writing tags • APDU • JSR 257 & 177 • Java Card • PC/SC readers JSR-268 • Midlet • SCWS • Demo and Examples • Conclusion
Mobiquity • MOBIlitY (Mobile) • UbiQUITous (Internet) One of the major added values of NFC is the security of third party applications provided by the SIM card.
ATAWAD • Google is going from web to mobile. This means you can now create a contact or an entry in your calendar from your mobile and data is automatically replicated not on the SIM but on Google servers (trust and private life is another debate). • ATAWAD = Any Time, AnyWhere, AnyDevice • They start from the needs without necessarily innovating. • They did not create the search engine, they just improved it. • In 5 years we’ll probably say: "they didn’t create the mobile, they’ve just improved it."
Needs of NFC ? • NFC is not like GPS • The value chain and the different roles are complex. • NFC strengths • Smart poster. • Configuration shortcut. • NFC in SIM card • Digital signature. • Secure payment. • Handset manufacturers (Nokia, Apple, ...) must agree with MNOs (Orange, SFR, ...)
Introduction to NFC, its Ecosystem PART 1
RFID • RFID : Radio Frequency Identification • RFID Tags: Store and retrieve data (with a distant reader) • History : radar technology, cow identification (year 1970). • Use case examples: road taxes, trace books in libraries, access card, shops (Wal-Mart). • RFID tags types • Active • Passive (without battery)
RFID Frequencies • 125-135KHz • Round corners • Through most things • No radiation problem • No reflection problem • Cheaper electronics • 13.56MHz • 1m max range • Doesn’t work through metal and fluids • UHF • Long range (up to 10m without battery) • GHz • Long range • High data rate • Smallest Best compromise for most cards and tickets CONVEYANCES, VEHICLES, LIBRARY, LAUNDRY, ITEM LEVEL TAGGING, BANKNOTES, ERROR PREVENTION, SECURE ACCESS, AIRPORT BAGGAGE ANIMALS, BEER BARRELS, GAS CYLINDERS, SHOES OF MARATHON RUNNERS
From RFID to NFC • Can communicate with objects • Magnetic field induction • Contactless technology based on RFID 13.56MHz • NFC is standardized ECMA-340 and ISO/IEC 18092 • Backward compatibility with ISO14443 and SmartCard • Millions of readers • Easy to use
Contactless Cards • FELICA (Sony) encryption key generated dynamically at each auth. • Topaz Tag Innovision • MIFARE Standard: • 512bits UL (no security) used for tickets • Other formats : 1K (768 Bytes data), 4K • The 16bits random of MIFARE has been hacked • NXP announced MIFARE Plus • MIFARE DESFire preprogrammed card. Example: Oyster Card in London • Gemalto: Mifare 4 Mobile • Contactless Java Card 85%+ of the access control / Ticketing ISO14443 market is Mifare®
NFC NFC FORUM http://www.nfc-forum.org • NFC allows a device to read and write a contactless card, act like a contactless card and even connect to another NFC device to exchange data. • 3 modes : • Card reading (MIFARE …) • Peer to peer (initiator & target) • Card emulating • Distance : 0 - 20 centimeters • Bandwidth up to 424 kbits/s • NFC Forum : NDEF specs • N-Mark: http://www.nfc-forum.org/resources/N-Mark
Standardization bodies • ETSI / SCP (Smart Card Platform) to specify the interface between the SIM card and the NFC chipset. • EMVCo for the impacts on the EMV payment applications. • GSM Association • Mobey Forum for mobile financial services • AFSCM is the French association for mobile contactless • Download specifications here: http://afscm.org • Global Platform to specify a multi-application architecture of the secure element. • Etc.
NFC FORUM SPECS Peer to peer mode Read/Write mode Card emulation mode Applications LLCP (Logical Link Control Protocol) RTD (Record Type Definition) & NDEF (Data Exchange Format) Card Emulation (Smart Card Capability for Mobile Devices) RF Layer ISO 18092 + ISO 14443 Type A, Type B + FeliCa
Smart Poster • Location based services • List of proximity services depending on Points of Interest • Trailers • Tickets booking From SMS push to Smart Poster « pull » • Specifications • NFC Forum releases specification for NDEF. • NFC Data Exchange Format which is a way to « format » RFID tags to be compatible with NFC applications. • Works with MIME type.
Smart Poster RTD Action record values For example, the Smart Poster record defines a URI plus some added metadata about that URI. MAY SHALL
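Added example (not part of the original slides): a minimal Python parser for the NDEF record layout and the Smart Poster record described above, which bounds-checks every length field read from the tag before using it. The header layout, URI abbreviation codes and action values follow the NFC Forum NDEF, URI RTD and Smart Poster RTD specifications; the function names and the sample message are constructed for illustration.

```python
# URI RTD abbreviation codes (subset) and Smart Poster action record values.
URI_PREFIX = {0: "", 1: "http://www.", 2: "https://www.", 3: "http://", 4: "https://"}
ACTIONS = {0: "do the action", 1: "save for later", 2: "open for editing"}

def parse_ndef(data):
    """Split an NDEF message into (tnf, type, payload) tuples with bounds checks."""
    records, pos = [], 0
    while pos < len(data):
        flags = data[pos]
        hdr = 2 + (1 if flags & 0x10 else 4) + (1 if flags & 0x08 else 0)  # SR, IL flags
        if flags & 0x20 or pos + hdr > len(data):
            raise ValueError("chunked (unsupported here) or truncated record header")
        type_len = data[pos + 1]
        plen = data[pos + 2] if flags & 0x10 else int.from_bytes(data[pos + 2:pos + 6], "big")
        id_len = data[pos + hdr - 1] if flags & 0x08 else 0
        start = pos + hdr
        end = start + type_len + id_len + plen
        if end > len(data):
            raise ValueError("record length exceeds buffer")
        records.append((flags & 0x07, data[start:start + type_len],
                        data[start + type_len + id_len:end]))
        pos = end
        if flags & 0x40:  # ME flag: last record of the message
            break
    return records

def parse_smart_poster(message):  # -> uri/title/action of the first 'Sp' record
    for tnf, rtype, payload in parse_ndef(message):
        if tnf == 1 and rtype == b"Sp":
            out = {"uri": None, "title": None, "action": None}
            for tnf2, t, p in parse_ndef(payload):  # payload is a nested NDEF message
                if tnf2 != 1 or not p:
                    continue
                if t == b"U":
                    if p[0] not in URI_PREFIX:
                        raise ValueError("URI code outside this example's subset")
                    out["uri"] = URI_PREFIX[p[0]] + p[1:].decode("utf-8")
                elif t == b"T":  # status byte: bit 7 = UTF-16, low 6 bits = language length
                    out["title"] = p[1 + (p[0] & 0x3F):].decode("utf-16" if p[0] & 0x80 else "utf-8")
                elif t == b"act":
                    out["action"] = ACTIONS.get(p[0], "unknown")
            return out
    raise ValueError("no Smart Poster record found")

def _short(flags, rtype, payload):  # helper: build a short, well-known-type record
    return bytes([flags | 0x11, len(rtype), len(payload)]) + rtype + payload

# Constructed sample: Smart Poster with a URI, an English title and action 0.
SAMPLE = _short(0xC0, b"Sp", _short(0x80, b"U", b"\x01nfc-forum.org")
                + _short(0x00, b"T", b"\x02enNFC Forum") + _short(0x40, b"act", b"\x00"))
```

Calling parse_smart_poster(SAMPLE) returns the expanded URI, the title and the action together, so a reader application can display the real URI next to the title before acting on it.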
NFC Forum tag types http://www.nfc-forum.org/specs/ • Interoperability between tag providers and NFC device manufacturers • Type 1, based on ISO14443A. Tags are read and re-write capable; users can configure the tag to become read-only. Memory availability is 96 bytes and expandable to 2 Kbytes. Communication speed is 106 Kbit/s. • Type 2, same as Type 1 except that memory availability is 48 bytes and expandable to 2 Kbytes. • Type 3 is based on FeliCa. Tags are pre-configured at manufacture to be either read and re-writable, or read-only. Memory limit is 1Mbyte per service. Communication speed is 212 Kbit/s or 424 Kbit/s. • Type 4, fully compatible with ISO14443A and B standards. Tags are pre-configured. Up to 32 Kbytes per service. Communication speed is up to 424 Kbit/s.
NFC Roles and actors Service provider Application owner Mobile station holder POS NFC SIM Trusted Service Manager (MNO or TTP) OTA NFC Service Management Contactless service management platform Card Issuer MNO (SIM Card management system) SIM Card Manufacturer (Smart Card provider)
NFC service provider NFC service operator Life cycle management system for mobile NFC applications 3 Operator information system NFC applications repository 2 Service profile platform 1 Profile data Customers data cardlets Customers management database Webapp KS FS Customer Interfaces TSM Subscribe a service SDD management system KS SSD Mobile domain SIM management system Customers management database Subscribe a service Card management system KS ISD Customer service Mobile operator Network access Subscribe a service SIM card Application Application data Final user GUI KS FS
Use case: phone is lost Service provider • Tells phone has been lost • Tells customer has new SIM card • Service installation request after customer registration Mobile operator TSM • Tells phone has been lost • Tells customer has new SIM card • Services management & referral for SP • Ask for token (delegated management) • Ask applet installation via ISD (MNO centric model) Customer • Install NFC services
Global Platform - security domains Mandated DAP (applications integrity at platform level) Issuer Centric (only ISD management) DAP Verification (application integrity by SSD) Delegated Management (token management) Authorized Management (dual management) Low TRUST High High CONTROL Low By Gemalto
NFC on a Mobile Phone: one thing among all GPS Screen with a user interface Security Keyboard Contactless Loudspeaker and Microphone TV Camera Network etc.
NFC in a SIM Card PART 2
Smart Card • Piece of plastic the size of a credit card hosting an electronic circuit that can store and process information. • The integrated circuit (chip) may contain a microprocessor capable of processing this information, or it can only contain non-volatile memory with a security component (memory card). • Smart cards are mainly used as means of personal identification (identity card, access badge to buildings, health insurance card, SIM card) or payment (credit card, electronic purse) or proof of subscription to prepaid services (calling card, ticket). • Contact or Contactless smart card readers are used as a communications medium between the smart card and a host (point of sale).
Smart Card history • 1968: The automated chip card was invented by German rocket scientist Helmut Gröttrup and his colleague Jürgen Dethloff. • 1974: French inventor Roland Moreno actually patented his first concept of the memory card. • 1977: Michel Ugon from Honeywell Bull invented the first microprocessor smart card. • 1978: Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto-program the chip.
Smart Card until today • 1983: The first mass use of the cards was for payment in French pay phones (Bull CP8). • 1987: Smart Card is standardized ISO 7816. • 1992: The second use was with the integration of microchips into all French debit cards. • 1997: First Java Cards. • 2006: Axalto and Gemplus, at the time the world's no.2 and no.1 smart card manufacturers, merged and became Gemalto.
Smart Card categories Contact card Contactless card Memory card Microprocessor card
The memory card • EEPROM read/write memory (4K max) • Ex: Mifare • Advantages • Simple • Cheap • Drawbacks • Security (easy to duplicate)
Microprocessor card • Microprocessor used by the application running on card to calculate operations. • Each card can be personalized and updated after manufacture (for banks with more than 500 000 customers). • Credentials can be updated while the card is inserted in a bank automat for example. Very secure for a reasonable cost
Smart Card security • Information stored can be protected by a PIN code • Cryptographic operations • Circuit is shielded • Unique serial number • Software security • Access control to data • Data integrity • IN/OUT firewall
Smart Card anatomy • CPU: Central Processing Unit • SRAM: Static Random Access Memory • ROM: Read Only Memory • Static • Store the Operating System • EEPROM: Electrically Erasable and Programmable Read Only Memory • Persistent • CRYPTO: Cryptographic processor • RNG: Random Number Generator • Used to generate keys
Smart Card connectors • A Smart Card has 8 connectors (ISO7816-2): • C1 Vcc • C2 RST • C3 CLK • C4 RFU (Reserved for future use) • C5 GND • C6 Vpp (old EEPROM) • C7 I/O (bi-directional, in half-duplex mode) • C8 RFU (Reserved for future use)
Contactless Card • ISO 14443 defines the standard for Contactless Card.
Smart Card applications • Secure a computer • Store internet security certificate • Hard drives can be encrypted using an attached Smart Card • Used to authenticate a user on the computer (at login screen)
Smart card applications • Payment • Credit card, SIM card, TV Channel card, Access card • Transports • Electronic purse (coffee machine) • Identification • PKI • Digital signature • Can store biometric data • 2009 in Spain and Belgium: eID card • 2 certificates: one used to authenticate and one to apply the digital signature (real legal value)
Pyramid of Authentication Technologies Higher level of security offered for highly valued information User private key is kept in a device such as a smart card. Biometrics are also used to protect key. User’s private key is stored on a portable computer device such as a disk. User name and password authenticates User – PGP encrypts data. SSL encrypts data.
NFC potential, services and devices Part 3
NFC on iPhone http://www.nearfield.org/ NFC already on iPhone: Stickers, 30-pin RFID readers, SIM add-on…
Added value services • Exchange data, P2P • Configuration (Bluetooth pairing) • Vending machines, service maintenance • Loyalty, couponing • NFC poster, get information • Ticketing • Medical, home care • Web applications • Payment solution • Access control • Mobile signature • Etc.
NFC Use cases by Nokia
Mobile Ticketing • A customer books two tickets for a concert. • He pays and downloads his tickets on his mobile phone with a simple touch. • He meets with his girlfriend and transfers the ticket on her mobile. • They arrive and unlock security gates thanks to their NFC mobile phones. 14 million RFID tickets were produced by ASK for Olympic Games in China - http://www.ask-rfid.com • Mobile ticketing will become more popular over the next few years, with 2.6 billion tickets worth $87 billion, delivered by 2011 • Juniper Research (April 2008)
NFC in the World (2009) http://www.nearfieldcommunicationsworld.com • Japan with Sony FeliCa, NTT DoCoMo: NTT Docomo reports 10 million mobile credit card customers • StoLPaN « Store Logistics and Payment with NFC » is a pan-European consortium supported by the European Commission’s Information Society Technologies program: http://www.stolpan.com • Akbank and Turkcell test NFC in Istanbul • Visa launches NFC trial in Brazil • Citi launches NFC trial in India • Telefónica launches O2 Money, says it is ready to deploy NFC • Nokia Money • 41 NFC-related trials and launches in the Asia-Pacific region so far… • etc.
NFC in France (2009) • Disneyland Paris to test NFC and contactless cards from October 2009, with Crédit Mutuel and CIC banks. • Smart-Park with VINCI Park and Monext. • Paris Metro: Paris transport operators to launch NFC ticketing from the end of 2010. STIF will coordinate the Paris transport operators (Optile, RATP and SNCF Transilien) and the participating telecoms operators (Orange, Bouygues Telecom and SFR). • Pegasus workgroup: multi-operator (Orange, Bouygues Telecom, SFR), multi-bank (BNP Paribas, Groupe Crédit Mutuel-CIC, Crédit Agricole, Société Générale) with MasterCard, Visa Europe and Gemalto for mobile payment in two cities: Caen and Strasbourg • Nice NFC city http://www.afscm.org/entreprises/nice-ville-nfc