NFC Times Special Report: In a move with potentially far-reaching implications for the NFC industry, Google has built support for host-card emulation into its new Android operating system, which could enable payments and other “secure” applications without a secure element.
Google has made host-card emulation part of Android 4.4, dubbed KitKat, which it released late last week with its Nexus 5 smartphone. The NFC-enabled device is the first to support the new operating system version, and is not believed to pack an embedded secure element. It would be the second Nexus device in a row, after the refreshed Nexus 7 tablet released last summer, not to carry an embedded chip.
Google touts the host-card emulation support in Android 4.4 as offering “secure NFC-based transactions” for payments, loyalty programs, access control, transit passes and other transactions in card-emulation mode, without the need to provision and manage secure elements, such as SIM cards or embedded chips–though it can’t be used with the still-popular transit card technology, Mifare Classic, or with such other proprietary contactless technologies as FeliCa.
Google’s move means that official Android apps for the first time could receive standard smart card commands directly from the large installed base of contactless terminals through the NFC radio controller chip and could respond even when the phone screen is locked.
Still, questions remain about the security of payment services on NFC phones using host-card emulation, as well as how cloud-based NFC payments would deal with spotty mobile network coverage at retail outlets and how host-card emulation might affect the overall user experience.
Critical to the success of host-card emulation will be support by major payment schemes, especially Visa and MasterCard Worldwide, which have not yet weighed in publicly on their willingness to standardize, certify and promote the concept, though both are evaluating it. And a representative of MasterCard, James Anderson, said he believed host-card emulation might help break the logjam now blocking rollouts of NFC.
Sometimes called software emulation or “secure element in the cloud,” host-based card emulation–known by the abbreviation HCE–also could potentially use the trusted execution environment in place of secure elements, say some observers. The TEE, a combination of hardware and software on processor chips, is already in more than 100 million mobile devices, though it remains to be seen whether payment schemes would allow their keys to be stored there, since the secure area in the TEE uses is not as tamper-resistant as secure chips.
Whether remaining on the device or in the cloud, HCE could potentially enable service providers of secure applications to avoid using the NFC SIMs and embedded chips issued by mobile operators and device makers, respectively, and the rental and TSM fees that go along with them.
“All eyes right now are on MasterCard and Visa,” Doug Yeager, CEO of U.S.-based HCE technology supplier SimplyTapp, told NFC Times. “They’re the last business blocker on the list. That’s for payment.”
Words: 4,500
Graphics:
•Chart, Google host-based card emulation for Android 4.4
•Chart, Bell ID’s “secure element in the cloud’ offer
Among Topics Covered:
•Host-card emulation, or HCE, for Android–what it is, what it means
•Comments from Visa and MasterCard on host-card emulation
•Banks planning proprietary HCE projects
•HCE effect to enlarge the pool of app developers in the NFC ecosystem and making use of the large installed base of contactless readers
•Use of trusted execution environment to store card details and emulate payment and other applications.
•Connectivity concerns for HCE and remedies from vendors
•Security issues raised by HCE
Sources Quoted:
•James Anderson, SVP, mobile, MasterCard Worldwide
•Mary Carol Harris, VP, mobile strategic alliances, mobile, contactless and innovation strategy, Visa Europe
•Spokeswoman, Visa Inc.
•Brian Smith, director. product development, Pinsight Media+, Pinsight Touch, Sprint
•Doug Yeager, CEO, SimplyTapp
•Thian Yee Chua, SVP, convergence services, Morpho e-Documents division
•Gil Bernabeu, technical director, GlobalPlatform
•Michael Roland, associate researcher, NFC Research Lab Hagenberg
•Tom Poole, VP, mobile payments and commerce, Capitol One
Among companies and organizations mentioned:
Google
Visa
MasterCard Worldwide
Royal Bank of Canada
Sprint
Bankinter
BlackBerry
SimplyTapp
Morpho
Bell ID
NFC Research Lab, Hagenberg
Capital One
Microsoft
This is premium content from NFC Times