understanding near field communication

Understanding “Near Field Communication”

Raghavendra Kamath Technology Consulting Group (TCG)

ABOUT AUTHOR

Raghavendra Kamath is a member of Technology Consultant Group. As a Technical Analyst, he is engaged in projects across platforms and OSes. He designs and develops innovative mobile solutions for Endeavour’s clients. The team looks up to him for ideas & solutions for resolving project problems and finding innovative solutions to develop application features.

CONTACT INFORMATION Endeavour Software Technologies [email protected] T: +1 (512) 464 1218

2 © 2012, Endeavour Software Technologies


Table of Contents 1. EXECUTIVE SUMMARY ..................................................................................................................... 3

2. INTRODUCTION TO NFC – NEAR FIELD COMMUNICATION............................................................... 4

2.1 OPERATING MODES ....................................................................................................................... 6 2.1.1 READER/WRITER MODE .............................................................................................................. 6 2.1.2 CARD EMULATION MODE............................................................................................................. 6 2.1.3 PEER-TO-PEER MODE.................................................................................................................. 6

3. NFC VERSUS OTHER SHORT RANGE TECHNOLOGIES ........................................................................ 7

3.1 NFC SECURITY CHALLENGES ............................................................................................................ 8

4. NFC ECOSYSTEM .............................................................................................................................. 9

4.1 NFC STAKEHOLDERS ...................................................................................................................... 9 4.2 GUIDELINES FOR STAKEHOLDERS .................................................................................................... 11

5. NFC USE CASES ............................................................................................................................... 12

6. NFC AND M-COMMERCE ................................................................................................................ 14

6.1 MOBILE PAYMENT ....................................................................................................................... 14 6.2 MOBILE PAYMENT – STAKEHOLDER’S EXPECTATIONS ......................................................................... 14 6.2.1 CONSUMER EXPECTATIONS ........................................................................................................ 14 6.2.2 MERCHANT............................................................................................................................. 14 6.2.3 BANKS ................................................................................................................................... 14 6.2.4 MOBILE DEVICE MANUFACTURER ............................................................................................... 15 6.3 MOBILE PAYMENT – BENEFITS ....................................................................................................... 15 6.4 USE CASE SCENARIOS ................................................................................................................. 16 6.4.1 NFC- MOBILE PAYMENT USE CASE: GOOGLE WALLET ..................................................................... 16 6.4.2 LOOK OUT FOR THE SECURITY BREACHES ...................................................................................... 16

7. FUTURE OF NFC .............................................................................................................................. 18

8. CONCLUSION ................................................................................................................................. 19

9. REFERENCES AND ABBREVIATIONS ................................................................................................ 20

9.1 REFERENCES ............................................................................................................................... 20 9.2 ABBREVIATIONS .......................................................................................................................... 20

10. ABOUT ENDEAVOUR .................................................................................................................. 21



1. Executive Summary This whitepaper introduces Near Field Communication (NFC) and briefly illustrates the concept of mobile payments using NFC. In brief, “NFC is a contactless communication technology based on the wireless short-range communication.” The NFC technology is expected to simplify everyone’s lives, with ease of making transactions, exchanging content, making payments, doing shopping, redeeming loyalty points, etc. – the list is endless. As per GigaOM’s research, forecasts and findings about NFC & NFC equipped devices:

- By 2015, the worldwide sales of NFC-equipped handsets will reach 263.6 million units, with the cumulative total at more than half a billion compatible devices.

- More than 6 million people around the world are expected to be using NFC for mass transit ticketing by 2015. This is due largely to the fact that many transportation systems already have NFC/RFID infrastructure in place.

- NFC also faces competition from bar codes, particularly the QR code. QR codes are very inexpensive to produce and include on existing products such as advertisements. Strong growth of QR codes may impede the progress of NFC deployment for nonpayment applications.

This whitepaper compares NFC with its counterpart short range technologies. Further, the paper gets into the details of NFC Ecosystem, who are the key stakeholders and what their role is in promoting NFC adoption as well as implementation. The topic gets further detailed with description of how NFC technology can be leveraged in making mCommerce more successful.



2. Introduction to NFC – Near Field Communication Before jumping onto the details of NFC, let us understand NFC Forum. NFC forum is a non-profit organization which promotes the NFC concept & its implementation. It assists in:

- developing the standards based specification - promoting the NFC technology among the contributors - validating the NFC based development - educating the users about its implementations

As NFC Forum defines, NFC is a standards-based connectivity technology; NFC harmonizes today's diverse contactless technologies, enabling current and future solutions in areas such as access control, consumer electronics, healthcare, information collection and exchange, loyalty and coupons, payments, and transport.

NFC is not a new technology and has had its implementations in transport systems in Europe for almost 8 years, but it has gained a lot of visibility in recent times in lieu of its capabilities to support payments. It uses magnetic field induction to enable communication between electronic devices in close proximity thereby enhancing the security of the transaction. NFC leverages RFID technology and provides a secure medium via identification protocols which ensure secure data transfer.

Technical Specifications of NFC: Operating frequency: 13.56 MHz Data transfer rate: 424 Kbps Operating Range: 4 to 10 centimeters ISO/IEC, ETSI, ECMA based standard used to exchange data



The following diagram illustrates the steps for data exchange leveraging NFC technology:

Step 1: NFC allows for a simple data exchange between two devices by way of a physical touch.

Step 2: NFC requires an initiator and a target

Step 3: The initiator generates a Radio Frequency

(RF) field with a range of about 4cm. Step 4: The Target Picks up the RF field and

receives the data it contains.



2.1 Operating modes

NFC technology covers the basic usages like sharing an image to the advanced levels like mobile payments. NFC supports three operating modes as shown in the below diagram.

Each mode works on a different communication layer and data transmission as the specification defined by NFC forums. The NFC forums’ architecture defines the data exchange between application and different modes

2.1.1 Reader/Writer mode

One NFC device acts like an initiator and another one as a target to transfer the tag. The tags are transferred from initiator to other NFC reader (POS) device.

2.1.2 Card Emulation mode

In this mode, the NFC mobile device emulates as a smart card. The secure element on the device communicates and exchanges data with an external reader. The mobile device communicates with the contactless infrastructure installed at merchant places. The secure element may access a wallet application to get the credit card information for payment purposes. This will be covered more in the NFC and m-Commerce section.

2.1.3 Peer-to-Peer mode

The common usage may be connecting cameras (to share photos), laptops, and special medical devices, configuring Bluetooth devices, WIFI, etc. This is mostly used in sharing configuration, images, URL’s, text, vCard, etc.

Reader Mode Peer-to-Peer Mode Card Emulation Mode

NFC Device

Contactless Card

NFC Device

NFC Device

NFC Device

Contactless Reader

Source: SpringCard



3. NFC versus other short range technologies The below diagram/table shows comparisons between NFC and other short-range communication technologies like RFID, IrDA, and Bluetooth,

NFC RFID IrDA Bluetooth Set up Time <0.1ms <0.1ms ~0.5s ~6s Range Up to 10cm Up to 3m Up to 5m Up to 30m Usability Human centric,

easy, Intuitive, Fast

Item centric, Easy Data centric, Easy Data centric, Medium

Selectivity High, Given, Security

Partly given Line of sight Who are you

Use Cases Pay, get access, share, Initiate service, easy setup

Item tracking Control and exchange data

Network for data exchange, headset

Consumer Experience

Touch, Wave, Simply connect

Get information Easy Configuration needed

Source: NFC Forum Due to the short range of NFC technology and ease of use and configuration, security enabled applications opt for this solution. Below are some other key benefits of NFC technology. Key Benefits of NFC Technology:

Intuitive: The connections between NFC devices are simple and fast.

Security ready: As the range is very minimal, user has to place the device to other NFC device in the closest proximity. For mobile payments, card emulation mode follows a much-secured channel.

Versatile: The NFC is not only meant for mobile devices, but it can also be utilized in many sectors like healthcare, travel and entertainment, transportation, retail, financial solutions, automotive, advertisement, etc.

Interoperable: Major contributors like MasterCard, Sony, Microsoft, NXP, NEC, Renesas, VISA, Nokia, Samsung, NTT docomo, Broadcom, Barclaycard, and Intel are working on NFC technology based on the universally accepted standards.

Inherently Secure: The communication range is up to 4 centimeters. This means users who want to exchange any data should tap or bring the device into the proximity.

Open and standard based: NFC Forum follows ISO/IEC 1443 A&B and JIS-X 6319-4 standards for any of the specifications. Based on this the alliance members design and develop their NFC enabled devices or applications. This will be verified and certified by the NFC Forums.



Though there are a number of benefits of implementing NFC, it also has security challenges which are listed in the following section.

3.1 NFC Security Challenges

Eavesdropping: A third party may receive and interpret the signal using the antenna.

Unwanted activation: Third party attacker tries to activate the card without the owner’s knowledge.

Data Corruption: During exchange of data, a third party may interfere and corrupt the data. This will be a threat to receiver to process the corrupted data.

Data Modification: The attacker alters the original data and processes some updated data. Although the data is in a valid format at receiving NFC device it can malfunction.

Data Insertion: This is a security threat in which attacker tries to insert a new message into a NFC communication.

Man-in-The-Middle-Attack: Third party enters between two NFC device communications and records the entire conversation.

The NFC application should provide a security framework to the above listed threats.



4. NFC Ecosystem The NFC Ecosystem consists of Merchants, Network Operators, Handset Manufacturers, Payment Kiosks, Point of Sale providers, and consumers.

This section details the importance of each stakeholder in implementation and adoption of NFC.

4.1 NFC stakeholders Consumer: End user is at the center of the ecosystem. He is the owner of the card and

initiates service requests and accepts the agreements. Merchant: The merchant is the one who keeps the POS system or reader. Merchants run a

business or service who deal with payment gateways and the banking systems. Mobile Network Operator (MNO): In real time the mobile network operators deploy the

trusted applications on the secure element. Most of the time it will be deployed over the air. Secure Element: These are designed and manufactured by the chipset manufacturers.

They work closely with the mobile network operators. Trusted Service Manager (TSM): They provide greater security, control, and trust for the

application data which are known as trusted applications. Handset Manufacturer (HM)/Chipset Manufacturers and/or platform provider: They are

the entity who manufactures the device and chips. They need to follow the specifications defined by NFC-forums.

Payment scheme: The contactless payment service integrators provide these schemes for all types of transactions.

Point of sale provider: These are hardware and software provided by the contactless payment service integrators.



The success of NFC’s adoption in existing ecosystem depends not only on its capabilities to support the existing and future models but also on creating a win-win situation for all the stakeholders. NFC adoption has received a tremendous push because of Handset Manufacturers. We now have a number of devices in the market with NFC capabilities. All the top OSes now have NFC supported devices, and the number is bound to increase. The below diagram shows the NFC ecosystem players and highlights the key functionalities:

Trusted Service

Manager

Service Provisioning

Users

Mobile Network

Provisioning

Ecosystem players

Key functionality

Handset Manufacturer

Chipset Manufacturer

Component +Tag manufacturer



4.2 Guidelines for Stakeholders To develop and implement different types of applications it requires an active participation of the stakeholders like MNO’s, service vendors, application vendors, chip manufacturers, and technology companies. Following are the guidelines for stakeholders to implement NFC based applications. The solution should ensure:

Faster transaction time

Interoperability between

devices, tags, and standards Integration with existing

payment systems

Follow regulatory norms for

mobile payments. Should address security and

privacy concerns. Switching between

reader/writer modes without lag



5. NFC Use Cases The NFC technology adaptation can be done on many sectors. Wherever a data transfer is required from one point to another the NFC can be brought in. The following table illustrates the use cases where NFC can be implemented to simplify the life of the consumer: Station /

Airport Vehicle Office Store /

Restaurant Theatre / Stadium

Anywhere

Usage of NFC Mobile Phones

Gate pass Personalize seat position

Enter exit office

Pay by credit card

Pass entrance

Download and personalize applications

Get info from smart poster

Represent Driver’s license

Exchange business cards

Get loyalty programs

Get event info Check usage history

Get info from information kiosk

Pay parking fee

Log into PC Get and use coupon

Download ticket

Pay bus or taxi fee

Print using copier machine

Share info and coupon among users.

Lock phone remotely.

Service Industries

Mass and public Transport

Drivers and vehicle services.

Security Banking Entertainment Any

Advertising Retail Credit card

Source: NFC Forum

As it is in the above diagram the NFC enabled mobile phones can be used in many of the day today activities such as

Entertainment Tourism, travel, and transport Financial institutions Wellness and Healthcare Customer loyalty programs Mobile utility applications Retail markets



NFC’s most popular use case is Mobile Payments. NFC can play a key role in promoting m-Commerce. The next section of this whitepaper focuses on this aspect of NFC implementation.



6. NFC and m-Commerce There is often confusion and overlap between a mobile payment, mobile banking, and the use of the mobile phone to simply order goods or receive delivery while paying by other means. This section provides the correct definition of Mobile Payment.

6.1 Mobile payment Mobile Payment is defined as a transfer of funds in return for goods or services where the mobile phone is involved in both the initiation and confirmation of the payment. The location of the payer and supporting infrastructure is not important - he may or may not be ‘mobile’ or ‘on the move’ or at a Point of Sale (PoS); the payment may be processed by credit cards or by a prepaid wallet. Example: funds are transferred and deducted from the prepaid amount or billed by the MNO.

6.2 Mobile Payment – Stakeholder’s Expectations

This section defines the expectations of key stakeholders in the Mobile Payment ecosystem.

6.2.1 Consumer Expectations

Personalized service Minimal learning curve Trust, privacy, and security Ubiquitous – anywhere, anytime, and any currency Low or zero cost of usage Interoperability between different network operators, banks, and devices Anonymity of payments like cash Peer to peer transfers

6.2.2 Merchant

Faster transaction time Low or zero cost in using the system Integration with existing payment systems High security Being able to customize the service Real time status of the mobile payment service

6.2.3 Banks

Network operator independent solutions Payment applications designed by the bank Exceptional branding opportunities for banks Better volumes in banking – more card payments and less cash transactions Customer loyalty



Telecom network providers Generating new income by increase in traffic Increased Average Revenue Per User (ARPU) and reduced churn (increased loyalty) Become an attractive partner to content providers

6.2.4 Mobile Device Manufacturer

Large market adoption with embedded mobile payment application Increase in Average Revenue Per User (ARPU) Government Revenue through taxation of m-payments Standards Fraud management

6.3 Mobile Payment – Benefits

Some key benefits of Mobile payment are:

Reduced cash usage Serve under-banked geographies Network Operators ROI through increase in air-time and data usage Extra revenue through mobile payments Possible diversification into other areas of the consumer’s needs and lifestyle Convenience for consumers and merchants Faster throughput at the checkout Send real-time marketing messages Mobile device fulfills multi-functions



6.4 USE CASE Scenarios

6.4.1 NFC- Mobile Payment Use Case: Google wallet

Google has launched an application called “Google wallet” which stores credit/debit card information, coupons and vouchers, tickets, receipts, and boarding passes securely on mobile devices.

It can be used for in-store transactions or online. This application stores the information securely in an encrypted format. At the time of storing the card details, Google wallet authenticates with the card issuer’s server and only once successful can it proceeds further and store the card details. Presently, this application is supported on Google Nexus S 4G devices available on Sprint. Google wallet works with city MasterCard credit cards and the Google prepaid card. There are plans to support more mobile phones and integrate all payment gateways in the near future. Currently, MasterCard PayPass is available at over 140,000 merchants across the United States. When tapped at the merchant POS, Google wallet transfers the credit / debit card tag to the pos system. Using this information the POS system processes the transaction.

6.4.2 Look out for the Security Breaches

The following concerns should be taken into consideration with respect to HTTP or web standards while implementing any payment related application:

Protocol support: The industry standard protocols like HTTPS (SSL/TLS) must be implemented. These further raise questions on whether to enable HTTP keep alive, compressions, user agent configuration, and proxy support.

Authentication: There are schemes which have to be considered for authentication. Some of them are basic, digest, or HTTP negotiates. The web standards like HTTP form-based (automated/scripted/non-automated) are to be decided. Further, it can reach to single sign-on mechanism or implementing client SSL certificates.

Session management: Session management capabilities like starting a new session, session token refresh, management of expired sessions, and reacquire session tokens are to be considered. The sessions are managed using HTTP cookies/parameters/URL paths. Session token detection and session token refresh policy are important factors for any application which deals with sessions.

Parsing: Any kind of parsing the web content type and character encoding is a major area to pay attention to. Some of the web content types are HTML, JavaScript, VBScript, XML, Plain text, ActiveX object etc and character encoding are ISO—8859-1, UTF-7, UTF-8, UTF-16 etc.

Testing: The major part of the implementation is testing for different security breaches. Some of them are listed below.



o Test configurations: This includes host name, URL patterns, cookies, HTTP headers, etc.

o Authentication: Like brute force, weak password, lack of SSL on login pages etc. o Authorization: Prediction of session, credentials, insufficient session expiration,

session weakness. o Client side attacks: These are content spoofing, cross site scripting, phishing or URL

redirection, cross-domain attacks, SQL injection, HTTP header injection, etc. o Information disclosure: Insufficient handling of critical/secured data to the target user.



7. Future of NFC Gigantic growth in the number of NFC applications and pilot projects makes it an exciting technology to explore and a commercially viable solution. Most of the current technological challenges with respect to different sectors are finding solutions with NFC technology. The rise in NFC hardware and chip manufacturers, service provisioning entities, and the application vendor membership in NFC-forums itself suggests a good growth trend in this technology. PayPal, the payments giant, boldly predicts that the physical wallet will be dead by 2015. It recently acquired mobile payments provider Zong for $240 million. Google recently launched Google Wallet, the search giant’s mobile payment system. Visa recently made a strategic investment in Square, the mobile payments platform now worth more than $1.4 billion. Mobile payment transactions already total $240 billion annually, but that's just the tip of the iceberg. Juniper Research reports that the market will grow 2x to 3x in the next 5 years. The SD Association (standard body for SDCards) is planning to embed NFC chip into SDCards. In the secure application management space, the “GlobalPlatform” collaborated with some of the providers for implementation. Keeping security as a major driver, the NFC enabled SIM cards are planned to be launched soon. More than 45 global wireless carriers are advocating SIM based NFC solutions. Below are some of the forecast:

2013 Sales of NFC equipped phones will exceed $75 billion 1 in 5 cell phones worldwide will use NFC technology

2014 NFC transactions alone will approach $50 billion Google predicts that 50% of cell phones will use NFC technology

2015 The value of all mobile money transactions is expected to reach $670 billion Digital goods will make up nearly 40% of this market Asia, Western Europe, and North America will be responsible for 75% of all mobile payment

transactions



8. Conclusion NFC technology has evolved to a standard in last six to seven years. Looking at the benefits, it indicates that NFC is a great choice for application architecture, design, and development. There are several pilot projects running around the world using NFC technology. The user experiences among these projects are positive. The NFC-forum advocates this technology by implementing specifications and giving certificate to members and their products based on these specifications. This makes the interoperability between the device manufacturers and service vendors possible. Various sources suggest that NFC will become a trend for coming years in the mobile and consumer application space. This causes a decision maker to consider NFC as a technology for possible implementation.



9. References and Abbreviations

9.1 References

NFC forum http://www.nfc-forum.org/aboutnfc/nfc_and_contactless/ NFC news http://www.nfctimes.com/ Mobile payment news site http://www.mobeyforum.org G+ https://www.gplus.com/Mobile-Payments/Insight/INFOGRAPHIC-

Goodbye-Wallets-How-Mobile-Payments

9.2 Abbreviations

NDEF NFC Data Exchange Format UICC Universal Integrated Circuit Card eSE Embedded secure elements POS Point Of Sale TEE Trusted Execution Environment



10. ABOUT ENDEAVOUR Endeavour - The Mobility Company is a niche player in the mobile application services space. Endeavour provides end-to-end services for organizations that are looking to leverage MOBILITY. The company has focused, since its founding in 2002, on two core areas: Strategic and Technology consulting: Demystifying Mobility.

Mobile Opportunity Assessment - MOA - on “what” and “how” of Mobile deployments for the work force, impact on consumers, and brand.

Helping CXOs understand the mobilization possibilities, competitive landscape, and the mobile ROI.

Building the Mobility Roadmap for the organization.

Execution: Mobile solution development across platforms and verticals. Platforms - iPhone, Android, Blackberry, Symbian, Nokia, Bada, Brew, webOS, J2ME Verticals - Healthcare, Manufacturing, Supply chain, Consumer solutions, Telecom expense

management, device provisioning, Media and news, Business Intelligence. Did you find the whitepaper interesting? Would you like to get more details? Drop us an acknowledgement at [email protected] Read more interesting whitepapers at: Endeavour Insights>Whitepapers Find more about “Endeavour-The Mobility Company” at www.techendeavour.com

understanding near field communication

Documents

nfc stakeholders

nfc ecosystem

innovative mobile solutions

nfc security challenges

nfc use cases

innovative solutions

peer mode

ideas solutions