květen 2014 co se stane s kartami ve světě chytrých věcí? jan němec

Květen 2014

Co se stane s kartami ve světě chytrých věcí?

Jan Němec

Agenda

2

Smart cards

Near Field Communication

Host Card Emulation

ISIS NFC case study

Bluetooth Low Energy and Beacons

Smart card and Internet of Things

MůjCard and Fidesmo

Smart Cards & Devices Forum 2014

Smart cards

3 Smart Cards & Devices Forum 2014

4

Smart cards/Secure elements - no news

Java Card 3.0.1 Management of multiple contact/contactless interfaces Support for up to 20 logical channels Additional cryptography

GP 2.2.1 with amendments A, C and DMultiple TSM management Multiple Service providersMultiple NFC services

NFC Type A and B

Huge certification effort

Common Criteria EAL4+CAST and EMVCoFIME GP2.2

ISD

SSD1SSD2

SSD3

SP-TSM2

SP-TSM3

SP-TSM1

SEI-TSM


Near Field Communication versus

Host Card Emulation


6

Overview of the different NFC modes

P2P

Data exchange…

Card emulation

Payment

Transport

Access control…

Reader

Information…

Requires NFC SE or specific adaptation to HCE


Secure Element versus HCE


8

SE-based transaction

HCE-based transaction

Before HCE, Card Emulation transactions were isolated from the Host OS

NFC Controller routing rules


Implicit vs Explicit Selection of Applications


10

HCE ≠ SE HCE is only emulating the logic of an NFC smart card

SE-Based Card EmulationBoth Application and Credentials reside in a Secure Element

UICC, embedded SE or secured µSD SE is about secure (i.e. extremely hard to break or clone) storage of sensitive data.

Host Card Emulation (HCE): HCE Service runs on the Device OSCredentials can be stored anywhere

In the rich OSIn a TEE In the CloudIn a SE

Where are credentials stored?

Source: UL – HCE Security Webinar Jan 2014Smart Cards & Devices Forum 2014

What use cases with or without SE?

11

Payment

Transport

Access Control

Identity

Secure P2P

Ticketing

Tag reading /info retrieval

Device matching for P2P

Use cases

Possible with HCE but with security and compatibility limitations

201434 brands, 350 models

290 Android270 UICC, 55 eSE, 35 HCE

~500 milion units

2017 ~1700 milions units


ISIS NFC case study


Isis is a Joint Venture between 3 of the biggest US MNOs

13

Partnering with major banks & payment schemes:


http://en.wikipedia.org/wiki/File:Wells_Fargo_Bank.svg

ISIS Mobile Wallet is now available nationwide!

14 Gemalto Confidential - Internal Use Only

Started as a pilot in 2 cities: Austin & Salt Lake City, in October 2012

National launch on November 14th, 2013

A lot of incentives for users


68 Isis-ready phones available

15 Gemalto Confidential - Internal Use Only

The Isis Wallet is also available on iPhone 4, 4S, 5 and 5S with the Incipio Cashwrap Isis Ready case.

The Isis Wallet is now pre-loaded in

14 handsets.Smart Cards & Devices Forum 2014

Near Field Communication versus

Bluetooth Low Energy


Bluetooth Low Energy (BLE)


BLE Beacons


BLE versus NFC


Wearable devicesand

Internet of Things


SundayTimes newpaper article in 2006


Chandan’s All-In-One Card desing in 2006

22

https://blogs.oracle.com/chandan/entry/the_all_in_one_card


23

Arduino


PRINTOO

25

Printoo's modules will be thin and bendable.


26

Thin and flexible polymer solar cell. You can cut it into the shape you want!

PRINTOO


27

Paper-Thin Electrochromic Screen

PRINTOO


PRINTOO modules


MůjCard


30

MůjCard world values …

…for end users Access to more contactless service thanks to MůjStore with the appsInstant way to get, manage and use these service thanks to MůjManager

…for service provides Ability to offer services

small players at city/regional level have no chance to talk to MNO/handset vendorglobal players are not ready to agree and integrate with X+ MNOs/handset vendors

Ability to offer services without need to provide own secure elements

… for group users (corporations, government) Access to simple post issuance of their cards, which doesn’t exist todaySimple/portable interface for their users merging usage and discovery experience

… for MNOs not willing to join NFC waveAbility to offer an external SE as NFC equivalent to their end users (revenue share)

… for MNO not ready to invest in expensive TSM infrastructureQuick access to SPs - giving an SD on NFC SIM (cheaper SIM or revenue share)


31

MůjCard world in pictures

MůjCard with MůjCardApps

MůjStore

Terminal with MůjManager

Terminal accessing MůjCardApps

ISO 7816ISO 14443

HTTPS

ISO 7816ISO 14443


32

MůjCard in pictures

MůjCard

App #1 App #2 App #3 App #n

Admin Applet User auth

Terminal auth

Store auth

Apps access control

Apps registry

Manager reference


33

MůjManager in pictures

Terminal

MůjManager

APDU communication module

MůjCard communication service

MůjStorediscovery

MůjStore communication module

MůjCarddiscovery

APDUscriptplayer


34

MůjStore in pictures

MůjStore

Apps container

Public Zones – public apps

Restricted Zones – own apps

Ap #1 Ap #nAp #2

Users

End user account #1

UZone #1

UZone #2

MůjCard #1MůjCard #1

MůjCard #2

MůjCard #3

Group account #1

UZone #1

UZone #2

MůjCard #1

MůjCard #2

MůjCard #3

Group Zone #1

App #1 App #2


35

MůjCardApps examples – public zones

MůjManager is separated from MůjCard UI / terminal apps

End user offer – standalone appsNFC business cardSecure storage – phonebook, passwords, pins, keys, etc.PC authenticationWeb authenticationBitcoin wallet

End user offer – service provider appsAccess – hotel keys, house keys, cinema, stadium, ski resorts, etc.TransportCar rentalCouponing, LoyaltyDRM – applications/gamesOTP, etc.


36

MůjCardApps examples – restricted zones

MůjManager can be merged with MůjCard UI / terminal apps

Corporate offerAccess appsNFC business cardPC authenticationWeb authenticationSignature/cipheringProprietary payment – canteen, coffee and other machinesTravel apps

Goverment offerDigital signatureVotingID, Driving license, Health card, etc.


Fidesmo

37

Fidesmo wins MIFARE Award for the most innovative idea for new services. - http://fidesmo.com/press-releases/

Fidesmo Aims To Be The Only Card You Need For Public Transit (And Eventually, Anything Else). - http://techcrunch.com/2014/05/06/fidesmo-aims-to-be-the-only-card-you-need-for-public-transit-and-eventually-anything-else/

Fidesmo, a technology startup connecting cards with mobile phones. They are just three guys, based in Stockholm and Madrid. - http://fidesmo.com/


http://fidesmo.com/press-releases/

http://fidesmo.com/press-releases/

http://techcrunch.com/2014/05/06/fidesmo-aims-to-be-the-only-card-you-need-for-public-transit-and-eventually-anything-else/

http://techcrunch.com/2014/05/06/fidesmo-aims-to-be-the-only-card-you-need-for-public-transit-and-eventually-anything-else/

http://fidesmo.com/

Thank you!

Jan [email protected]

květen 2014 co se stane s kartami ve světě chytrých věcí? jan němec

Documents

hce smart cards devices

beacons smart card

hce se hce

nmec slide

smart cardssecure elements

host card emulation

hce service

isis wallet