Module 6: Usage Models – Mobile, NFC and Pay TV

Smart Card Alliance Certified Smart Card Industry Professional Accreditation Program

Smart Card Alliance © 2010 CSCIP Module 6 - Mobile-NFC-Pay TV Final - Version 2 - October 8, 2010 1 For CSCIP Applicant Use Only

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcardalliance.org .

Important note: The CSCIP training modules are only available to LEAP members who have applied and paid for CSCIP certification. The modules are for CSCIP applicants ONLY for use in preparing for the CSCIP exam. These documents may be downloaded and printed by the CSCIP applicant. Further reproduction or distribution of these modules in any form is forbidden.

Copyright © 2010 Smart Card Alliance, Inc. All rights reserved. Reproduction or distribution of this publication in any form is forbidden without prior permission from the Smart Card Alliance. The Smart Card Alliance has used best efforts to ensure, but cannot guarantee, that the information described in this report is accurate as of the publication date. The Smart Card Alliance disclaims all warranties as to the accuracy, completeness or adequacy of information in this report.


Table of Contents

1 INTRODUCTION
2 SMART CARD DRIVERS AND BENEFITS
2.1 STRONG SECURITY
2.2 MULTIPLE APPLICATIONS
2.3 CONSUMER AND MOBILE OPERATOR CONVENIENCE
3 MOBILE TELECOMMUNICATIONS
3.1 SIMS AND MOBILE NETWORKS
3.2 USAGE MODEL FOR SIM AND UICC FOR MOBILE DEVICES
3.3 TECHNOLOGY
4 UICCS
4.1 UICCS AND MOBILE NETWORKS
4.2 USAGE MODEL FOR MOBILE DEVICES
4.3 TECHNOLOGY
5 NEAR FIELD COMMUNICATION (NFC)
5.1 NFC APPLICATIONS
5.1.1 Transit and Ticketing
5.1.2 Payment
5.1.3
5.1.4 Connectivity
5.1.5 Maximizing other Wireless Platforms
5.1.6 A Day in the Life of an NFC Mobile Phone
5.2 NFC TECHNOLOGY
5.3 NFC MOBILE ECOSYSTEM AND CONVERGENCE WITH CONTACTLESS CARD TECHNOLOGY
5.3.1 Key Functionalities
5.3.2 Ecosystem Players
5.3.3 Key Factors in Building a Successful NFC Mobile Ecosystem
5.3.4 Conclusion
5.4 THE NFC FORUM
5.5 NFC DEPLOYMENT STATUS
5.6 SECURITY AND NFC APPLICATIONS
5.6.1 UICC (SIM)-Based Secure Element
5.6.2 SD Card-Based Secure Element
5.6.3 Embedded Hardware Secure Element
5.6.4 Secure Element Integrated in the Mobile Device Baseband Processor
5.7 STATUS OF NFC TECHNOLOGY
5.7.1 Standards
5.7.2 Certification
5.7.3 NFC Device Availability
6 PAY TV
7 SAMPLE SMART CARD MOBILE AND SUBSCRIBER MODELS
7.1 GSM AND SUBSCRIBER PRIVACY
7.2 NFC PROXIMITY MOBILE PAYMENTS
7.2.1 Technology Overview
7.2.2 Collaboration Model Overview
7.2.3 Collaboration Model Stakeholder Roles and Benefits
8 RELEVANT STANDARDS AND SPECIFICATIONS
8.1 STANDARDS RELEVANT TO SMART CARD PHYSICAL CHARACTERISTICS
8.2 STANDARDS AND SPECIFICATIONS RELEVANT TO TECHNOLOGIES RELATED TO THE CARD INTERFACE
8.3 STANDARDS AND SPECIFICATIONS RELEVANT TO THE CARD COMMANDS AND APPLICATION DATA STRUCTURES
8.4 STANDARDS AND SPECIFICATIONS RELEVANT TO ISSUERS OR SPECIFIC INDUSTRY SECTORS
9 REFERENCES
10 ACKNOWLEDGEMENTS


1 Introduction

Smart cards are used extensively in the telecommunications industry worldwide. Eurosmart forecasted that 300 million memory smart cards and 3.4 billion smart cards shipped globally for telecommunications applications in 2009. This module describes how smart cards are used in mobile, Near Field Communication (NFC) and Pay TV applications.

After reviewing this module, CSCIP applicants should be able to answer the following questions:

• What are the benefits that smart card technology delivers for telecommunications applications?
• What are SIMs and UICCs and how are they used in mobile devices?
• How are SIMs and UICCs deployed in the market?
• What is NFC technology and what applications are using NFC?
• How do SIMs protect mobile subscriber personal information?
• What are NFC proximity mobile payments and how are they being implemented?


2 Smart Card Drivers and Benefits

Smart cards are used extensively in the telecommunications industry worldwide. According to Eurosmart, 300 million memory smart cards and 3.4 billion microcontroller smart cards shipped globally for telecommunications applications in 2009, with 3.7 billion microcontroller smart cards forecasted to ship in 2010.¹

Smart cards are used in two primary telecommunications applications – as prepaid (stored value memory cards) telephone cards and as the smart card-based Subscriber Identity Module (SIM) in mobile phones. This section summarizes the drivers for microprocessor smart card technology being used for mobile phones; benefits and drivers for memory smart cards used as stored value cards are discussed in Module 5. Additional information on benefits for specific markets and applications is included in the sections that follow.

2.1 Strong Security

Smart cards used as SIMs in mobile phones provide a high level of security. Mobile network operators (MNOs) take advantage of the smart card to:

• Securely store subscriber identity data
• Securely store MNO data
• Securely store subscriber phone books
• Authenticate subscribers to the MNO network
• Encrypt information communicated over the MNO network
• Support systems and digital rights management to enable MNOs to deliver content securely to consumers

2.2 Multiple Applications

As telecommunications networks evolve to next generation technologies, smart card technology also provides the security functions necessary to support multiple applications. The need for a more robust multi-application capability extends beyond phone and data service, as operators work with stakeholders in other sectors like banking and entertainment to bring new services like mobile payment, movie and NFC applications to the mobile phone.

2.3 Consumer and Mobile Operator Convenience

Smart card technology provides convenience both for consumers and MNOs. SIMs make it possible for consumers to switch cell phones more easily and for operators to support more handsets and get them to market more quickly. SIMs have the capability to store phone numbers and contacts. SIMs also enable global roaming, provide data backup options, enable rich multimedia branding of handsets for operators and can provide strong digital rights management for content providers. The fact that SIMs can be distributed independently from the cell phone has made them ideal for enabling MNOs to offer prepaid subscription services, which represent the majority of cell phone subscriptions worldwide.

1 Eurosmart, Worldwide Smart Card Shipments 2009 and 2010, http://www.eurosmart.com/index.php/publications/market-overview.html


3 Mobile Telecommunications

A Subscriber Identity Module (SIM) card is a type of microprocessor-based smart card used in mobile phones and other devices. A SIM identifies and authenticates a subscriber to a wireless cell phone network. Unless blocked by the operator, a subscriber can move his phone service to a new phone just by physically moving the SIM. SIMs also facilitate global roaming, providing subscribers with access to voice, data and other services when traveling in other countries. In addition, SIMs can store contact information and phone numbers, and can be used for other applications.

The Universal Integrated Circuit Card (UICC) is a new generation of SIM technology optimized for newer wireless network standards. The term SIM is widely used in the industry and especially with consumers to mean both SIMs and UICCs, although they are different technologies. The UICC offers many enhanced capabilities, including better support for multiple applications and IP addressing. Chapter 4 discusses UICCs in more detail.

SIMs and UICCs are the smart card industry’s highest volume products for both units and revenue. According to Eurosmart, an association of smart card manufacturers, microprocessor card production worldwide for the telecom sector in 2009 was 3.4 billion units. This represented 75.2% of the 4.52 billion total number of microprocessor cards produced for all sectors. Telecom unit volume was five times that of the second largest sector, financial services, which was 750 million units.²

3.1 SIMs and Mobile Networks

SIMs and the newer UICCs are used in wireless networks based on several different standards, but the fact that they are mandatory in GSM (Global System for Mobile communications) networks has been a very significant market driver. GSM and its offshoots are the world’s leading wireless network standards, and are now used in 219 countries and territories. Today there are more than 3.4 billion GSM network connections worldwide, representing 80% of the world’s mobile network connections. Terrestrial GSM networks now cover more than 80% of the world’s population.³ GPRS (General Packet Radio Service) is a very widely deployed wireless data service, available now with most GSM networks.

Each GSM phone contains a SIM to identify and authenticate the phone, voice and data services on the network. SIMs support different calling plans ranging from subscriptions to prepaid plans. In the U.S. and , GSM-based operators include AT&T, T-Mobile and Rogers Wireless. Mobile devices used in these networks all have a SIM or UICC inside.

Another important wireless network standard is CDMA, although the majority of CDMA-based handsets do not include a SIM. In CDMA handsets, the functions of subscriber and phone identity and authentication are incorporated into the electronics of the handset. In some cases, operators do use SIMs in CDMA-based devices. A SIM in a CDMA handset is called a Removable User Identity Module (R-UIM). Some phone networks also use SIM cards, including Iridium, Thuraya and Inmarsat's BGAN.

All mobile networks are evolving to newer and faster technologies for transmitting mobile voice and data services. This evolution is very important to the smart card industry, because the wireless network standards that build on GSM will also make the use of SIMs or UICCs mandatory. In order to develop a unified evolution direction for GSM-based network operators, several telecommunications standards bodies formed the 3rd Generation Partnership Project (3GPP) in 1998.

2 Eurosmart, Worldwide Smart Card Shipments 2008, http://www.eurosmart.com/index.php/publications/market-overview.html
3 GSM Association, Market Data Summary, August 7, 2009, http://www.gsmworld.com/newsroom/market-data/market_data_summary.htm


3GPP defined a migration path for third generation radio technologies under the umbrella name of Universal Mobile Telecommunications System (UMTS). This is also referred to as 3GSM, or simply 3G. In common usage, many people refer to all of these network technologies as GSM. More precisely, GSM refers to the whole mobile system for 2G, the second generation of networks. The correct term for 3G networks in this technology family is UMTS.⁴

UMTS includes two underlying radio technology specifications that are both widely used, Wideband Code Division Multiple Access (W-CDMA) and High-Speed Packet Access (HSPA). At the end of 2007, W-CDMA represented over 70% of commercial 3G networks, with over 190 networks in 83 countries, and more than 160 million W-CDMA subscriptions.⁵ UMTS networks in many countries have been upgraded with the faster HSPA, sometimes known as 3.5G. According to 3GPP, by the end of 2007, there were 166 commercial HSPA networks (for the downlink direction) in 75 countries with a further 38 networks committed to deployment.⁶

The next evolutionary step up from UMTS is Long Term Evolution (LTE). Sometimes operators that are implementing LTE refer to it as 4G, although the industry has not yet agreed upon defined standards for 4G networks as of July 2008. LTE is backwards compatible with GSM and HSPA and delivers very fast data speeds of up to 100 Mb/s downlink and 50 Mb/s uplink.⁷ LTE is not only for operators already following the GSM migration path, but also for others, including some running CDMA networks today.

Internationally, GSM is already the dominant standard, so as these operators upgrade their networks along this migration path to LTE, they will continue to use SIMs/UICCs in all of their mobile devices. Of particular importance to the U.S. smart card industry is that Verizon Wireless, the largest wireless operator in the U.S. and a CDMA-based network, is migrating to LTE. Verizon’s LTE network will start to be operational in 2010.⁸ This wireless network technology roadmap, and the fact that Verizon is migrating to LTE, is extremely significant for the U.S. smart card industry, because it means that virtually all cell phones and smart phones in the will eventually contain a SIM/UICC. The significance of LTE and higher bandwidth to consumers is the availability of more services (e.g., video calling, mobile TV, VoIP).

3.2 Usage Model for SIM and UICC for Mobile Devices

SIMs are typically manufactured as a full credit card-sized card, but the actual SIM module that is put into the cell phone is a small part of the card about the size of a postage stamp. The area around the SIM is notched so that only a few plastic links connect the SIM module to the card body and it can easily be broken off. The module itself has a width of 25 mm, a height of 15 mm, and a thickness of 0.76 mm.⁹ The SIM is installed in a connector in the phone behind the battery. Figure 1 shows an example SIM.

4 3GPP, Keywords: UMTS, http://www.3gpp.org/article/umts
5 3GPP, Keywords: W-CDMA, http://www.3gpp.org/article/w-cdma
6 3GPP, Keywords: HSPA, http://www.3gpp.org/HSPA
7 GSM Association, GSM Technology: LTE, http://gsmworld.com/technology/lte.htm#nav-6
8 Verizon Wireless Fosters Global LTE Ecosystem as Verizon CTO Dick Lynch Announces Deployment Plans, Verizon Wireless Inc. news release, Feb. 18, 2009, http://news.vzw.com/news/2009/02/pr2009-02-18.html
9 Reference Material for Assessing Forensic SIM Tools, Wayne A. Jansen, Aurelien Delaitre, National Institute of Standards and Technology, Paper No. ICCST 2007-74, http://csrc.nist.gov/groups/SNS/mobile_security/documents/mobile_forensics/Reference%20Mat-final-a.pdf


Figure 1. SIM cards are produced as full cards with the plastic around the contact notched. It can easily be broken off to the small size pictured here, which is what is inserted into the cell phone or smart phone.

A SIM provides several advantages. First and foremost, as a microprocessor smart card, it provides a high level of security based on mutual authentication using challenge/response, random number and session techniques. Another very significant advantage of SIMs is that they can be produced, personalized and distributed independently from the cell phone. This has been particularly important for the development of the worldwide market. In addition, SIMs provide a phone-agnostic platform for deploying simple, but profitable, text menu-based services using the SIM tool kit.

In addition, SIMs make it possible for consumers to switch cell phones more easily and for operators to support more handsets and get them to market more quickly. SIMs enable global roaming, provide data backup options, enable rich multimedia branding of handsets for operators and can provide strong digital rights management for content providers. Each of these advantages is discussed in more detail below.

SIMs are deployed in the market in different ways in different markets, but fall into two primary models depending on how the customer pays for their mobile phone service, by subscription or prepaid. In the United States, most cell phone owners have service subscriptions based on a monthly charge for a certain number of calling minutes and amount of data services, such as text messaging or Web access. Consumers usually buy their cell phones through retail outlets owned and operated by the mobile network operator (MNO). The cost of the cell phone is typically subsidized by the operator, often with a very significant discount, in exchange for the subscriber signing a one- or two-year service agreement. The SIM is provided with the phone at the store.

The other market model is that the phone and the wireless service are sold separately and move through the same retail distribution channels as other consumer electronic products. This can be either a subscription plan or a prepaid plan. Worldwide, 60% of mobile phone users have prepaid subscriptions.¹⁰ Since many prepaid cards are disposable, the number of cards shipped annually by the industry is actually higher than the number of new GSM family mobile phones that are sold.

In fact, the GSM Association credits the SIM for expanding the mobile world. The option of a prepaid card for wireless services eliminated previous barriers such as waiting lists, registration, credit checks, deposits and high initial access costs that prevented low income people from acquiring and using cell phones. It replaced a monthly bill, which can be a worry for many consumers, with a pay-as-you-go plan. Consumers can purchase phones at a low price, or even use re-conditioned or “hand me down” phones. Small denomination top-ups allow low income people to receive credit from friends and family. Free “call-me” text messages with caller paid airtime plans enable reverse-charge calling. All these factors are now implemented in most developing countries. Technological developments, economies of scale and market forces have brought the price of handsets down significantly to less than 15% of the total cost to subscribers.¹¹

SIM-based phones can be open (unlocked) or closed (locked). The difference is that an open phone works with any network operator's SIM cards. A closed phone does not allow you to use any phone service other than that of the operator who sold you the phone.

10 2008 Global Mobile Communications - Statistics, Trends and Forecasts, Paul Budde Communication Pty Ltd., February 20, 2008, http://www.marketresearch.com/product/display.asp?productid=1687234
11 Universal Access, GSM Association report, http://gsmworld.com/documents/universal_access_full_report.pdf


Figure 2. How Consumers Use SIMs to Upgrade Phones (Source: Gemalto)

Consumers have a greater choice of phones and have more flexibility in buying cell phone service with open phones; however, consumers in the U.S., for example, where most GSM phones are locked, benefit from phone subsidies that greatly reduce the price of new cell phones or smartphones.

SIMs make it easy to switch to a new phone, as explained in the information graphic above. A user’s SIM contains all the information required to activate the new phone.

SIMs have the capability to store phone numbers and contacts. In most cases, the default is to store phone numbers and contacts in the memory of the handset. Consumers usually do have the option to change their settings so that a copy of the phonebook is kept in the SIM. The advantage of this is that if the phone stops working, the SIM can be removed and the contacts can be moved into a new phone or read from the SIM.


For the operator, an important advantage of the SIM is that it enables operators to support more handsets and get them to market more quickly. CDMA handsets that use embedded electronics for identity and authentication require handset makers to program specific handset models with the look and feel defined by the operator. With a SIM, an operator can develop their branding and user interface once on the SIM. When the SIM is inserted into a phone, the SIM personalizes the phone to the operator’s branding.

This advantage of the SIM card also gave rise to a new class of wireless service provider, the mobile virtual network operator (MVNO). MVNOs do not own and operate their own wireless network. Instead they lease services in bulk and resell them to consumers and businesses by providing subscribers with a SIM card. The SIM card is the delivery mechanism that enables MVNOs to efficiently use normal retail and online distribution channels, thereby expanding the market and fostering greater competition.

A very important advantage of SIMs and the GSM network is global roaming. Subject to appropriate business agreements between operators, this feature enables subscribers to move from country to country and use their same phone number for data and voice services.

As MNOs evolve network technologies they are reaching broadband speeds. An important goal for MNOs is to use these higher speed networks to provide customers with richer mobile multimedia services and entertainment content such as access, music, TV and video. Newer multimedia SIM and UICC products provide features to support a richer experience for consumers. For example, a multimedia SIM can personalize a smartphone with the branding look and feel of the operator, a very important advantage for the operator. Multimedia SIMs can also support conditional access systems such as those used to protect cable and satellite TV transmissions. This high level of digital rights management and security for content providers enables them to work more closely with mobile operators and deliver high value, current programming such as TV and movies.

3.3 Technology

A SIM card is a microprocessor-based smart card, typically using the Java Card operating system. The SIM card and application is defined by ETSI Technical Standard 100 977 V8.14.0 (2007-06), “Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) Interface, (3GPP TS 11.11 version 8.14.0 Release 1999).” The standard defines the file structure of the card, how the card application works in GSM networks and its security mechanisms.

Important information stored in the SIM microprocessor files includes:¹²

• The phone identity number used by the operator, called the International Mobile Subscriber Identity (IMSI); note this is not the phone number known by the subscriber; it is used by the operator to connect with the SIM and the mobile phone
• PIN codes and PIN reset mechanisms, now called Card Holder Verification information (CHV) and Unblock CHV Key, respectively
• Phone books, abbreviated dialing records, emergency call codes and text messages
• A prioritized list of preferred networks, called the Preferred Land Mobile (PLMN) selector
• The ciphering key, Kc, and the ciphering key sequence number n used for secure authentication and encryption of communications
• The SIM service table, indicating which services are available
• Price per Unit and Currency Table (PUCT), which may be used when roaming between countries to compute the cost of calls in the currency chosen by the subscriber
• GPRS location information to facilitate packet data switching

Authentication and encryption are very important features of the SIM specification. In order to keep the keys secret and provide strong authentication, the SIM application has an internal function called Run GSM Algorithm. The network passes a random challenge number to the SIM using this command, and the microprocessor in the SIM uses the GSM standard algorithm to generate authentication response and encryption key values, which are validated by the network.¹³ The response is generated inside the SIM, so the secret keys are never exposed to the network. This strong authentication method ensures security for the MNO as well as the subscriber.

SIM cards are designed to support other applications programmed using the SIM Application Toolkit (STK). The STK enables the SIM to interact directly with the handset independently of the network. In 2G networks, SIM Application Toolkit (SAT) was defined in the GSM 11.14 standard. From release 4 onwards, GSM 11.14 is replaced by 3GPP 31.111, which also includes specifications of USIM Application Toolkit (USAT), which is the equivalent of the STK for UICCs in 3G networks.¹⁴

STK applications are developed using Java, an object oriented programming language developed by Sun Microsystems. This language is designed to be platform independent, is widely used, making it easy to find programmers, and has inherent multi-application and security advantages.

An important related technology is over-the-air (OTA) programming of SIM cards. OTA platforms utilize SMS messaging to remotely transmit the settings necessary to use a mobile phone in a network. OTA can be used to add new services, distribute updates to SIM cards and handsets and manage the device subscriber base for MNOs.

SIM technology continues to evolve, and many of the latest advances are in the UICCs that are designed to work with UMTS and LTE networks, which is the subject of the next section.

12 ETSI Technical Standard 100 977 V8.14.0 (2007-06), Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) Interface, (3GPP TS 11.11 version 8.14.0 Release 1999).

13 Ibid., ETSI TS 03.20.
14 SIM Toolkit, Gemalto, http://www.gemalto.com/techno/stk/
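The Run GSM Algorithm exchange described in Section 3.3, as an added example that is not part of the original module: a Python simulation of the challenge/response between the network and the SIM, showing what crosses the radio link and what stays on the card. HMAC-SHA-256 stands in for the operator's real authentication algorithm, and the class names, IMSI and key values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# GSM sizes: 128-bit challenge (RAND), 32-bit response (SRES), 64-bit ciphering key (Kc)
RAND_LEN, SRES_LEN, KC_LEN = 16, 4, 8


def a3a8_stand_in(ki, rand):
    """Derive (SRES, Kc) from the subscriber's secret key and the challenge.

    Stand-in only: HMAC-SHA-256 replaces the operator-chosen GSM algorithm.
    """
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:SRES_LEN], digest[SRES_LEN:SRES_LEN + KC_LEN]


class Sim:
    """Card side: holds the secret key and exposes only the command result."""

    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki  # stays inside the card; no method returns it

    def run_gsm_algorithm(self, rand):
        if len(rand) != RAND_LEN:
            raise ValueError("RAND must be 16 bytes")
        return a3a8_stand_in(self._ki, rand)


class Network:
    """Operator side: knows each subscriber's key and issues one-time challenges."""

    def __init__(self):
        self._ki_by_imsi = {}
        self._pending = {}

    def provision(self, imsi, ki):
        self._ki_by_imsi[imsi] = ki

    def challenge(self, imsi):
        rand = secrets.token_bytes(RAND_LEN)  # fresh random number per attempt
        self._pending[imsi] = a3a8_stand_in(self._ki_by_imsi[imsi], rand)
        return rand

    def verify(self, imsi, sres):
        """Return Kc if SRES answers the outstanding challenge, else None."""
        expected = self._pending.pop(imsi, None)  # each challenge is usable once
        if expected is None:
            return None
        expected_sres, kc = expected
        return kc if hmac.compare_digest(sres, expected_sres) else None


def authenticate(network, sim, air_log=None):
    """Run one exchange; air_log collects every value sent over the radio link."""
    air = air_log if air_log is not None else []
    air.append(("MS->NET", "IMSI", sim.imsi.encode()))
    rand = network.challenge(sim.imsi)
    air.append(("NET->MS", "RAND", rand))
    sres, kc_on_card = sim.run_gsm_algorithm(rand)
    air.append(("MS->NET", "SRES", sres))
    kc_on_network = network.verify(sim.imsi, sres)
    # Kc is handed to the handset for ciphering and is never transmitted.
    return kc_on_network is not None and kc_on_network == kc_on_card


if __name__ == "__main__":
    imsi, ki = "001010123456789", bytes(range(16))  # constructed test values
    net = Network()
    net.provision(imsi, ki)

    log = []
    print("genuine SIM accepted:", authenticate(net, Sim(imsi, ki), log))
    for direction, name, value in log:
        print(f"  {direction} {name} = {value.hex()}")
    print("secret key seen on air:", any(ki in v for _, _, v in log))
    print("card with wrong key accepted:", authenticate(net, Sim(imsi, bytes(16))))
```

Both sides end up with the same Kc without it or the secret key ever being sent, and a response captured from one exchange is rejected afterwards because the challenge it answered has been consumed.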


4 UICCs

The Universal Integrated Circuit Card (UICC) is a type of microprocessor-based smart card used in mobile phones and other devices. A UICC identifies and authenticates a subscriber to a wireless cell phone network. The term SIM is widely used in the industry and especially with consumers to mean both SIMs and UICCs, although they are different technologies. The UICC is a new generation of SIM technology specified in newer UMTS and LTE wireless network standards.

This section will focus on the differences between UICC and SIM technology, but the reader should remember that the UICC has all of the advantages and capabilities of a SIM as discussed in Section 3. The most important capabilities of the UICC are better support for multiple applications and Internet Protocol (IP) addressing.

4.1 UICCs and Mobile Networks

Standards organizations defined the UICC to replace 2G SIM cards as they mapped out the migration from 2G GSM networks to 3G Universal Mobile Telecommunications System (UMTS) and Long Term Evolution (LTE). The most important standards are:

• ETSI TS 121 111 V8.2.0 (2008-07), Technical Specification, Universal Mobile Telecommunications System (UMTS); USIM and IC card requirements (3GPP TS 21.111 version 8.2.0 Release 8)
• ETSI TS 131 101 V8.0.0 (2009-01), Technical Specification Universal Mobile Telecommunications System (UMTS); LTE; UICC-terminal interface; Physical and logical characteristics (3GPP TS 31.101 version 8.0.0 Release 8)
• ETSI TS 131 102 V8.6.0 (2009-07), Technical Specification Universal Mobile Telecommunications System (UMTS); LTE; Characteristics of the Universal Subscriber Identity Module (USIM) application (3GPP TS 31.102 version 8.6.0 Release 8)

UMTS and LTE networks are moving toward the use of IP addressing in network communications. The higher broadband speeds coming to mobile networks will provide their customers with much better quality of service for data driven applications. Support for IP communications is an important aspect of delivering services in wireless broadband networks. UICCs are backwards compatible with 2G GSM networks, but also support IP addressing.

4.2 Usage Model for Mobile Devices

One important difference is that the UICC is optimized to have multiple applications, including multiple phone subscription applications on a single UICC. With 2G SIMs, the physical SIM card and the SIM subscriber identity application were bound together. In UICC standards, these are separated, and the phone service identity application is called the Universal Subscriber Identity Module (USIM) application.

The multi-application capability became increasingly important as operators upgraded their networks to newer standards. There would be transition periods in which the newer network was only partially available. Operators would need to provide subscribers with the newer network where it was available, but would fall back to the older network if that was all that was available. The UICC made it easier to have two apps on the SIM, one 2G for the current GSM network, and one USIM application for the UMTS implementation.

In a CDMA network operating with UICCs, the application is called a CDMA Subscriber Identity Module (CSIM). It is possible to have a removable User Identity Module (R-UIM) with all three applications, so it could work in CDMA, GSM, or UMTS handsets.


4.3 Technology

In addition to IP protocol support, the other main technology advance in the UICC is that it is designed as a true multi-application smart card. USIM and other applications are separately specified and can co-exist. The need for a more robust multi-application capability extends beyond phone and data service, as operators work with stakeholders in other sectors like banking and entertainment to bring new services like mobile payment or movie broadcasting to the mobile phone.

For example, Section 5 discusses Near Field Communication (NFC), a short range wireless communications standard that enables contactless payment or transit fare payment using mobile phones, as well as other applications. Implementing NFC payment applications in mobile phones created new requirements beyond traditional phone and data services. For example, it is necessary to have key and PIN management for use with the payment application that is separate from the phone service application. Neither telecom operators nor banks are interested in managing the others' keys and security, for obvious liability reasons. Payment applications need to be communicated securely from the bank providing the payment account to the cell phone using OTA networks, with end-to-end encryption assured. The applications need to be isolated from one another inside the phone, and each must have secure post issuance updating capabilities, such as shutting off delinquent or lost payment accounts, for example. The fact that chip-based bankcards, contactless payment and UICCs are all smart card-based made it possible to more easily address these issues.

By specifying the UICC as a true multi-application smart card, the new standards laid the foundation to converge more sophisticated applications onto the UICC. For example, Global Platform is an independent, standardized infrastructure for application development, deployment and management of smart cards that is very widely used in financial services and other sectors. The multi-application structure of the UICC enabled Global Platform to define a standard for the mobile services sector that manages the secure over-the-air delivery of new services. Working with wireless standards bodies, Global Platform created the UICC configuration—an implementation of GlobalPlatform Card specification v2.2 on UICCs. It supports remote application management via OTA and USIM applications. It provides dynamic post-issuance card management, including dynamic addition and modification of applications, paving the way to converge payment and other applications on the UICC and mobile phone.

Another important application on the UICC is the IP Multimedia Services Identity Module (ISIM). This is an application to provide secure mobile access to multimedia services. In the United States, for example, many subscribers have a UICC with USIM and ISIM applications for phone service and multimedia respectively.¹⁵

In LTE networks, new multimedia services will be delivered through the IP Multimedia Subsystem (IMS). A byproduct of IMS is the option to converge services across both wireless and fixed networks. This means eventually subscribers could use the same services across many devices (mobile phones, PCs, office or home networks) and through a number of different channels (e.g., WiFi, DSL, LAN, 3G). In these examples, the UICC can be contained in a USB dongle or other form factor in addition to the mobile phone. This is significant as subscribers have the potential to have multiple devices associated with the same account, increasing the potential for a multiple penetration rate within an operator’s existing subscriber base.¹⁶

15 What is a UICC and how is it different from a SIM card?, Just.AskGemalto.com, http://www.justaskgemalto.com/en/communicating/tips/what-uicc-and-how-it-different-sim-card
16 LTE, UICC and the Future of Mobile Communications, Gemalto.com, Jean-Louis Carrara


5 Near Field Communication (NFC)

The content in Sections 5.1 through 5.4 is reprinted with permission from the NFC Forum, http://www.nfc-forum.org. The Smart Card Alliance thanks the NFC Forum for their contribution. 17

Near Field Communication (NFC) is a short-range wireless connectivity technology (also known as ISO 18092) that provides intuitive, simple, and safe communication between electronic devices. Communication occurs when two NFC-compatible devices are brought within a few centimeters of one another. NFC operates at 13.56 MHz and transfers data at up to 424 Kbits/second. Because the transmission range is so short, NFC-enabled transactions are inherently secure.

NFC is distinguished by its intuitive interface and its ability to enable largely proprietary wireless networking platforms to interoperate in a seamless manner. The primary uses are to:
• Connect electronic devices, such as wireless components in a home office system or a headset with a mobile phone
• Access digital content, using a wireless device such as a cell phone to read a “smart” poster embedded with an RF tag
• Make contactless transactions, including those for payment, access and ticketing

5.1 NFC Applications

Early uses of the technology are expected to be with NFC-enabled mobile phones, which can easily be configured to become the only thing anyone needs to carry. Everyone will be able to:
• Make payments with a wave or a touch anywhere contactless card readers have been deployed
• Read information and “pick up” special offers and discounts from smart posters or smart billboards
• Store tickets to access transportation gates, parking garages or get into events
• Store personal information that will allow secure building access
• Take a picture and transfer it to an NFC-enabled printer or monitor
• Share business cards with other NFC-enabled phones
• ... and perform many more functions

Figure 3. The possibilities for using Near Field Communication are nearly limitless. The potent attraction of touch-less transactions will help weave NFC technology into the fabric of our daily lives

17 Sources: NFC Forum, The Keys to Truly Interoperable Communications and Essentials for Successful NFC Mobile Ecosystem white papers, http://www.nfc-forum.org


Trials of this exciting new technology around the world have successfully illustrated how people carrying mobile phones with built-in NFC can make purchases, gain access, get directions, exchange information, and buy transportation simply by bringing them close to NFC-enabled devices embedded in information kiosks, retail registers, gate readers, advertising signs, vending machines, and thousands of other devices, systems and signage. However, NFC has many other applications that could simplify interaction with a variety of consumer electronic devices, such as cameras, TVs, and PC components. The uses of NFC are endless, and many exciting ideas are in development now.

5.1.1 Transit and Ticketing

Transportation is the initial leading use of NFC technology. Contactless tickets have already begun to revolutionize the speed and ease with which all consumers can use public transport and access controlled environments like parking garages. Users praise NFC transactions for their speed, security, and flexibility. With NFC-enabled mobile phones, you can buy tickets, receive them electronically, use them for seamless traveling (such as “park and ride”), and then go through fast track turnstiles while others wait. Later, you can check your balance or update your tickets remotely. The cost of providing mass transport or event ticketing will be driven down because NFC-based systems reduce the cost of card issuance and management. Commuter transit systems in and a number of Asia Pacific countries already use NFC-compatible contactless technologies to speed travelers through to their destinations.

Figure 4. The convenience of NFC is gaining momentum as ”seamless traveling” (e.g., bundled public transport, parking) emerges as a future trend.

5.1.2 Payment

NFC-enabled mobile devices can store a payment application that is compatible with the millions of installed contactless payment readers. The intuitive simplicity of holding a mobile phone close to a terminal to purchase products or services instead of swiping or handing over a payment card reflects NFC’s potential to bring about the next major change in the way the average buyer pays for things. A phone can store information about multiple accounts, such as credit, debit and prepaid cards, allowing users to select payment instruments more easily than they would from their wallets. Transactions are also secure, with the payment application usually protected by a password. Payment information on lost or stolen phones can be remotely “deactivated,” enabling a strong layer of security.

5.1.3 Advertising

Finding and gathering information is easy to do with NFC, whether by bringing a phone to a point on an indoor retail display to obtain an electronic coupon or by holding it up to a poster to download the latest ring tone from one’s favorite musical group. NFC-enabled devices can be a great marketing tool and a source of new revenue for business. Users are surrounded with advertisements and offers of valuable information, making it easy to acquire and consume rich media content. Here lies one of NFC’s major advantages as a marketing tool: The consumer initiates the contact by bringing an NFC-enabled mobile phone to an NFC tag, effectively self-qualifying for the product or service being offered. NFC will fuel the market for advanced personal electronic devices capable of purchasing, playing, storing, and sharing media. Mobile content providers earn revenue when users choose value-added services.

Travelers will find it easier to get around in an NFC-enabled world. Tourists from France can use an NFC-equipped tourism kiosk in Singapore to get information in French on their phone’s display screen. Visitors to an unfamiliar location can bring their phones close to a street-side signboard outside a museum to find out about the latest exhibition inside, translated conveniently into several languages.

NFC tags can be placed nearly anywhere: inside product packaging, at cash registers and on point-of-sale equipment, or outdoors on access gates, parking meters, newspaper dispensers, offices, houses, garage doors, bus stops, or ATMs. The possibilities are as wide as the imagination.

5.1.4 Connectivity

Whether you are holding two phones together to exchange electronic business card information or photos, or bringing two laptops together to initiate a high-speed file transfer, NFC offers several ways to speed and simplify data exchange transactions between consumer electronics products. As NFC technology penetrates throughout the office, WLAN settings, printer IDs and even maps of the building can be picked up by NFC-enabled devices, allowing mobile workers to quickly get to work in any office location. Staff members can synchronize calendars, exchange electronic business cards, and access online digital content. In short, NFC simplifies connections. To connect a Bluetooth headset to a mobile phone, for example, just place the two close together and a fast NFC “handshake” links the two devices.

5.1.5 Maximizing other Wireless Platforms

Beyond the phenomenal success of the mobile phone, the adoption of mobile communications technologies has not progressed as quickly as many industry watchers have predicted. Thirteen years after its invention, Bluetooth® has become part of the everyday lives of technically progressive users, but it has by no means become ubiquitous. A similar story can be told for Wi-Fi® and ZigBee® communications protocols. That is where NFC comes in, overcoming barriers to wireless technology platform adoption by making each easier to use.

Using Bluetooth as an example, one can visit a client and leave behind a Microsoft PowerPoint® presentation. Even if the presenter’s and the target computer are Bluetooth enabled, it is still necessary to manually set up the link between the two systems using a password to secure the transfer. But if both Bluetooth systems have NFC chips built in, a Bluetooth peer-to-peer connection can be established simply by bringing the distinctive NFC N-Mark or target mark (see Figure 5) of the first computer to the corresponding N-Mark of the second.

Figure 5. The NFC N-Mark helps users know where to hold their devices together to transfer data and key information.


The Wireless USB Promoter Group will incorporate "touch-and-go" NFC technology into the second specification of Wireless USB, version 1.1. And recently, the Wi-Fi Alliance introduced NFC as one of four ways to configure home networks. The NFC option is widely recognized as the simplest method for setting up home networks, making use of NFC's intuitive user interface for automated out-of-band pairings of Wi-Fi devices.

Figure 6. NFC enables the two Bluetooth-enabled devices to exchange communications parameters, establish a secret key, and a Bluetooth communication link automatically. The devices can then be moved apart as the picture copies securely from one device to the other at Bluetooth speeds.

5.1.6 A Day in the Life of an NFC Mobile Phone

Figure 7 illustrates a typical day in the life of an NFC mobile phone user and shows how the device will be integrated into everyday life in the near future.

Figure 7. Life Made Easier with NFC Mobile Services


• Eric gets on a train to go to his office.
• He sees a poster announcing a free concert this evening. He touches his NFC mobile phone to the N-Mark on the poster and transfers the detailed information onto his phone. He reserves seats for the concert with his mobile phone, using mobile communications (e.g., SMS, internet, packet-based connections), and the complimentary tickets are sent to his mobile phone. He sends a text message to his wife to invite her to the concert and dinner.
• When he arrives at his office, he touches his NFC mobile phone to the office gate and opens the door.
• At lunch time, he pays for his meal using one of the credit cards stored in his phone.
• After lunch, he visits the office of his new business partner for a meeting. Those attending the meeting exchange their business cards stored in their NFC mobile phones by touching their phones together.
• He meets his wife at 6 PM, and they go to the concert venue. He touches his NFC mobile phone to a turnstile at the entrance to the concert, their reservations are confirmed, and they are admitted.
• They visit a shopping center after the concert, where they go shopping and have dinner.
• When they arrive at their house, he realizes that he has left his NFC mobile phone on the train. He immediately calls the mobile network operator and makes a request to disable all active NFC services in the phone. If his NFC mobile phone is later found, he will be able to reactivate these services.

5.2 NFC Technology 18

Near Field Communication technology evolved from a combination of contactless identification and interconnection technologies. NFC-enabled devices are specified by standards in ISO/IEC, ETSI and ECMA International and by specifications published by the NFC Forum. In June 2006, the NFC Forum took a significant step to enable manufacturers and applications developers to create powerful new consumer-driven products when it unveiled NFC technology architecture and announced the first Forum-approved specifications. Additional details on NFC standards can be found in CSCIP Module 1, Section 5.2.1.3.

As illustrated in Figure 8, NFC devices are unique in that they can change their mode of operation to be in reader/writer mode, peer-to-peer mode, or card emulation mode. The different operating modes are based on the ISO/IEC 18092 NFC IP-1 and ISO/IEC 14443 contactless smart card standards.
• In reader/writer mode, the NFC device is capable of reading NFC Forum-mandated tag types, such as in the scenario of reading an NFC smart poster tag. NFC Forum compliant devices in NFC Forum reader/writer mode must support the RF requirements for ISO/IEC 14443A, ISO/IEC 14443B and FeliCa as outlined in the relevant parts in the ISO 18092.
• In peer-to-peer mode, two NFC devices can exchange data. For example, Bluetooth or WiFi link set up parameters can be shared or data can be exchanged such as virtual business cards or digital photos. Peer-to-peer mode is standardized on the ISO/IEC 18092 standard.
• In card emulation mode, the NFC device appears to an external reader much the same as a traditional contactless smart card. This enables contactless payments and ticketing by NFC devices without changing the existing infrastructure.

18 Source: NFC Forum Technical FAQ, http://www.nfc-forum.org/resources/faqs/


Figure 8. NFC Forum Technology Architecture

The NFC Forum has mandated four tag types to be operable with NFC devices. This is the backbone of interoperability between different NFC tag providers and NFC device manufacturers to ensure a consistent user experience. The operation specifications for the NFC Forum Type 1/2/3/4 Tags provide the technical information needed to implement the reader/writer and associated control functionality of the NFC device to interact with the tags. Type 1/2/3/4 Tags are all based on existing contactless products and are commercially available. Tag types include:
• NFC Forum Type 1 Tag. The Type 1 Tag is based on ISO/IEC 14443A. Tags are read and re-write capable; users can configure the tag to become read-only. Memory availability is 96 bytes and expandable to 2 Kbytes. Communication speed is 106 Kbit/s.
• NFC Forum Type 2 Tag. The Type 2 Tag is based on ISO/IEC 14443A. Tags are read and re-write capable; users can configure the tag to become read-only. Memory availability is 48 bytes and expandable to 2 Kbytes. Communication speed is 106 Kbit/s.
• NFC Forum Type 3 Tag. The Type 3 Tag is based on the Japanese Industrial Standard (JIS) X 6319-4, also known as FeliCa. Tags are pre-configured at manufacture to be either read and re-writable, or read-only. Memory availability is variable; theoretical memory limit is 1 MByte per service. Communication speed is 212 Kbit/s or 424 Kbit/s.
• NFC Forum Type 4 Tag. The Type 4 Tag is fully compatible with the ISO/IEC 14443 standard series. Tags are pre-configured at manufacture to be either read and re-writable, or read-only. The memory availability is variable, up to 32 KBytes per service. The communication interface is either Type A or Type B compliant and its speed is up to 424 Kbit/s.

The NFC Forum has released 16 specifications, as of September 2010:
• NFC Data Exchange Format (NDEF)
• NFC Record Type Definition (RTD)
• NFC Uniform Resource Identifier (URI) Service Record Type Description
• NFC Text Record Type Description
• NFC Smart Poster Record Type Description
• NFC Tag Types 1-4
• NFC Generic Control RTD Technical Specification
• NFC Forum Connection Handover Technical Specification
• NFC Forum Connection Handover 1.2 Technical Specification
• Digital Protocol Technical Specification (candidate release)
• Signature RTD Technical Specification (candidate release)
• NFC Logical Link Control Protocol (LLCP) Technical Specification
• NFC Activity Technical Specification (candidate release)
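A device that reads a smart poster in reader/writer mode is parsing tag-supplied NDEF data, so the URI it carries is untrusted input. The following is an added example, not part of this module or of NFC Forum material: it parses an NDEF message, follows nested Smart Poster records, and checks each URI against an assumed https-only policy. The byte layout follows the NDEF and URI RTD specifications named in the list above; `ALLOWED_SCHEMES`, `MAX_NESTING`, the function names and the sample tag bytes are constructed for illustration.

```python
from urllib.parse import urlsplit

# URI RTD abbreviation codes (first payload byte). Subset only: any other
# code is rejected below rather than guessed.
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:"}
ALLOWED_SCHEMES = {"https"}  # assumed reader policy, not taken from the module
MAX_NESTING = 2              # assumed cap on Smart Poster nesting depth
TNF_WELL_KNOWN = 0x01        # Type Name Format value for NFC Forum RTD types


class NdefError(ValueError):
    """Tag content is not a well-formed NDEF message."""


def _take(data, pos, n):
    """Return n bytes starting at pos, refusing to read past the buffer."""
    if pos + n > len(data):
        raise NdefError(f"{n}-byte field at offset {pos} overruns the tag data")
    return data[pos:pos + n], pos + n


def parse_ndef(data):
    """Split one NDEF message into a list of (tnf, type, payload) tuples."""
    records, pos = [], 0
    while True:
        hdr, pos = _take(data, pos, 1)
        flags = hdr[0]
        # Header bits: message begin, message end, chunk, short record, ID present.
        mb, me, cf, sr, il = (bool(flags & bit) for bit in (0x80, 0x40, 0x20, 0x10, 0x08))
        if cf:
            raise NdefError("chunked records are not accepted")
        if mb != (len(records) == 0):
            raise NdefError("message-begin flag is on the wrong record")
        tlen, pos = _take(data, pos, 1)
        plen, pos = _take(data, pos, 1 if sr else 4)  # short or 4-byte length
        ilen = b"\x00"
        if il:
            ilen, pos = _take(data, pos, 1)
        rtype, pos = _take(data, pos, tlen[0])
        _rec_id, pos = _take(data, pos, ilen[0])
        payload, pos = _take(data, pos, int.from_bytes(plen, "big"))
        records.append((flags & 0x07, rtype, payload))
        if me:
            if pos != len(data):
                raise NdefError("trailing bytes after the message-end record")
            return records


def decode_uri(payload):
    """Expand a URI record payload: abbreviation code byte plus UTF-8 remainder."""
    if not payload or payload[0] not in URI_PREFIXES:
        raise NdefError("missing or unsupported URI abbreviation code")
    return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")


def extract_uris(data, depth=0):
    """Collect URIs from 'U' records, descending into 'Sp' (Smart Poster) records."""
    if depth > MAX_NESTING:
        raise NdefError("Smart Poster records nested too deeply")
    uris = []
    for tnf, rtype, payload in parse_ndef(data):
        if tnf != TNF_WELL_KNOWN:
            continue
        if rtype == b"U":
            uris.append(decode_uri(payload))
        elif rtype == b"Sp":  # payload is itself a complete NDEF message
            uris.extend(extract_uris(payload, depth + 1))
    return uris


def vet_tag(data):
    """Return [(uri, allowed)] for a tag; raises ValueError on malformed content."""
    results = []
    for uri in extract_uris(data):
        parts = urlsplit(uri)
        allowed = (parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)
                   and uri.isprintable())
        results.append((uri, allowed))
    return results


def short_record(flags, rtype, payload):
    """Build a short-form well-known record (used only for the samples below)."""
    return bytes([flags | 0x10 | TNF_WELL_KNOWN, len(rtype), len(payload)]) + rtype + payload


# Constructed sample tag contents (0xC0 = message begin + message end).
GOOD_TAG = short_record(0xC0, b"U", b"\x04example.org/concert")
POSTER_TAG = short_record(0xC0, b"Sp", short_record(0xC0, b"U", b"\x05+15555550100"))
TRUNCATED_TAG = GOOD_TAG[:-5]  # declared payload length exceeds the data present

if __name__ == "__main__":
    for name, tag in (("good", GOOD_TAG), ("poster", POSTER_TAG), ("truncated", TRUNCATED_TAG)):
        try:
            print(name, vet_tag(tag))
        except NdefError as exc:
            print(name, "rejected:", exc)
```
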

5.3 NFC Mobile Ecosystem and Convergence with Contactless Card Technology

Within the last few years, contactless card technology has been maturing and has been adopted by major sectors such as transport, payment, and retailing. In parallel, mobile phones with the additional offerings of Internet and multimedia services have successfully entered people’s lifestyles. Contactless card technology can now expand its domain of applicability by adding contactless functionality to the mobile phone. The Near Field Communication (NFC) mobile service, which leverages the current contactless infrastructures, has just started to emerge. In some countries, services benefiting from the convergence of contactless card technology and mobile phones have already been introduced commercially, and these converging services are ubiquitous and successful.

This section describes the NFC mobile ecosystem. As shown by the arrows in Figure 9, the current contactless business domain is expanding into domains including NFC mobile business opportunities. In some mass market businesses such as transport or payment, a contactless infrastructure already exists in a growing number of schemes, and users have some experience with those contactless services. The NFC mobile phone will enhance these existing services and provide opportunities for new revenue sources.

The NFC mobile ecosystem can be built as a new marketplace, and its success depends on the win-win relationships among all the stakeholders. The NFC mobile ecosystem extends the current contactless ecosystem model with additional functionality. There are multiple possibilities for ecosystem players to provide the mobile system functionalities, which are identified in the following description of key functionalities.


Figure 9. The NFC Mobile Ecosystem

5.3.1 Key Functionalities

5.3.1.1 Service Provisioning

Service provisioning is a function of the current contactless business enabling users to subscribe to and receive their personalized contactless cards, and this capability will expand for NFC mobile services. The functions to which a user subscribes and the functions of the service provisioning preparing the personalization data will ride upon the existing infrastructure. New functionalities such as remote user management and authentication will then emerge due to the availability of a connected network. This key functionality is usually performed by the service providers.

5.3.1.2 Mobile Network Provisioning

Mobile network provisioning, while existing in the mobile domain, adds new functionality to the contactless domain to realize the NFC mobile ecosystem. It includes functionalities to maintain the network infrastructure, to provide data connectivity service to users, to offer user authentication for ensuring that only contracted users can connect to the mobile network, and to offer user care for the data connectivity service. This key functionality is usually performed by the MNOs (Mobile Network Operators) or MVNOs (Mobile Virtual Network Operators).

5.3.1.3 Trusted Service Manager 19

The Trusted Service Manager (TSM) provides a contact point between service providers and NFC mobile phones. Service providers can provide NFC mobile phones with remote multi-application management functionality through the TSM. See Sections 5.3.3.1 and 5.3.3.2 for more discussion on the TSM.

19 The terminology TSM (Trusted Service Manager) can be used to mean either an ecosystem player or a functionality. In this paper, TSM is used strictly to mean a functionality that is independent of ecosystem players.


This new functionality includes the following:
• Issuing and managing a trusted execution environment
• Assigning trusted areas within a trusted execution environment to a specific service
• Managing keys for a trusted execution environment
• Securely downloading applications to NFC mobile phones
• Personalizing applications
• Locking, unlocking and deleting applications according to requests from a user or a service provider

These functionalities can be performed by mobile network operators, service providers or third parties, and all or part can be delegated by one party to another.

5.3.2 Ecosystem Players

5.3.2.1 Users

An NFC mobile service user is required to have an agreement with the service provider of an NFC mobile service prior to its first use. In addition, the user is required to subscribe to the mobile network provisioning service and have an NFC mobile phone in order to make use of NFC mobile services. In the era of the plastic card, users typically need to have a different contactless card for each service, but when the NFC mobile phone becomes available, they can put all their services on one mobile device.

5.3.2.2 Chipset Manufacturers

Chipset manufacturers provide the integrated circuit components (ICs) needed for all NFC devices, in line with the relevant technical standards (ISO/IEC, Ecma, ETSI, and NFC Forum). Chipset development is carried out in close cooperation with handset manufacturers and service providers in order to fulfill application requirements. These chipsets include:
• ICs for the NFC controller, including device drivers and middleware, as used in handsets and reader/writer terminals
• ICs for the trusted execution environments (UICC, embedded, removable for phones, and SAMs for terminals), including in many cases the pre-personalization of such devices
• ICs for smart tags (e.g., as used in smart posters)

Chipset manufacturers contribute to standardization efforts in relevant organizations, based on their experience in NFC and related areas such as RFID and contactless smart cards.

5.3.2.3 NFC Handset Manufacturers

Handset manufacturers design and produce NFC mobile phones according to industry standards. They provide capabilities for service providers to develop applications that provide an intuitive experience to users. Handset manufacturers compete by providing attractive combinations of design, price and feature sets, where NFC capabilities make applications and service offerings easier to use, and also by enabling new usage scenarios for phones. The integration of cutting-edge technologies and services in mobile phones will contribute to a flow of innovations and acceptance that encourages users to adopt NFC services and also to upgrade their current mobile devices to NFC mobile phones offering these services.


5.3.2.4 NFC Reader/Writer and Tag Manufacturers

NFC reader/writer and tag manufacturers design and produce devices according to requirements from service providers and industry standards. They also deliver the following values to the ecosystem in order to reduce the implementation efforts of service providers:
• Secure methods of fulfilling customer requirements
  – Tamper resistance
  – Encryption of communication channel and/or contents
  – Encryption key management by service providers
• Software (e.g., drivers, middleware and software development kits (SDKs))
• Interoperability management and quality management

NFC reader/writer and tag manufacturers cooperate with mobile network operators, NFC handset manufacturers, and service providers to make the devices capable of communicating with new form factors and to support new communication logic, such as is offered by peer-to-peer (P2P) mode.

5.3.3 Key Factors in Building a Successful NFC Mobile Ecosystem

The NFC mobile ecosystem is an expansion of the current contactless ecosystem, mainly targeting contactless card businesses. To be attractive and successful, it must create value, and to achieve that goal, it requires the addition of new functionality on top of the current card business. On the other hand, depending on the marketplace, the NFC mobile ecosystem must be open enough to support the variety of existing and future models. To be successful it must support a win-win relationship among all the ecosystem players. This section considers the key factors for building a successful NFC mobile ecosystem from the viewpoint of the potential players, especially targeted to the new functionalities.

5.3.3.1 Mobile Network Operators

The evolution of a mobile phone into an NFC mobile phone will provide mobile network operators with opportunities to develop new business areas. NFC mobile services will increase the opportunity for mobile usage in many new situations, as explained in the use cases. To achieve this, it is not sufficient to offer the contactless card functionalities separately from those of a mobile phone. It is vital to create and offer new value by combining the functionalities of both mobile phones and contactless cards.

When an NFC mobile phone supports the multi-application capability, it will not only boost convenience for users by allowing them to use many applications in one device, but will also stimulate the NFC market by increasing the number of users of NFC mobile services. Smooth introduction of the multiple-application capability is one of the key success factors.

A second essential factor is to guarantee to users and service providers a trusted end-to-end system for their applications and data. This will be achieved via the TSM functionality. The TSM is the contact point that links mobile network operators, service providers and NFC mobile phones, and it provides the functionality of remote multi-application management. While there will be many possible models showing who might provide the functionalities that make up the TSM, mobile network operators and service providers are the leading potential candidates. It should be noted that, whatever model may be selected, it is vital to clearly specify the responsibilities of each ecosystem player within the specific model. How the functionalities of the TSM are divided and provided by the ecosystem players is another of the key factors for success.

5.3.3.2 Service Providers

From the service providers’ point of view, a key success factor is improving their existing contactless services. Users will adopt NFC mobile services only if they feel that they are receiving new functionality and/or advantages. On top of the existing contactless card services, it now becomes possible for service providers to offer personalized advertisements or messages to the same device that is hosting the contactless card. With the contactless card, the methods of providing such information are either asynchronous, with the card being touched on the reader/writer, or delivered through a completely separate channel (e.g., email). Compared to this model, an NFC mobile phone is always connected to a mobile network, and service providers can send messages to the phone anytime and anywhere. An interactive real-time and fine-grained one-to-one user management scenario becomes possible and makes NFC mobile service more attractive to users.

Service providers will benefit from the increased number of NFC services and a higher frequency of usage by supporting the multi-application capability of an NFC mobile phone. The TSM also provides an important functionality for service providers. The trustworthiness of the TSM guarantees that they can put multiple applications in one device safely, which is ensured by the TSM’s management of the trusted area. Service providers also expect that freedom of their service management is guaranteed.

5.3.4 Conclusion

The contactless card has evolved into an NFC mobile phone by adding the functionalities of a mobile phone. An NFC mobile phone has three advantages compared to existing contactless cards: interactivity, remote multi-application management, and remote user management. To realize these advantages, a stand-alone NFC mobile phone is not sufficient, as cooperation with back-end server functionalities is necessary. New players who provide such new functionalities need to be added, and the current contactless ecosystem will expand into the NFC mobile ecosystem. Because there are multiple possibilities as to which ecosystem players will provide which new functionalities, this section has identified them as functionalities instead of specifying players.

NFC mobile services are at an emerging stage, and this section is a “snapshot” of the current phase. The contactless card business and the mobile communication business have developed on different paths and have different business cultures. To create and expand the new ecosystem, the participation of new players from different business domains should be encouraged.

There are two key factors in ensuring success for NFC mobile services:
• The first is that the NFC mobile ecosystem should support a variety of existing and future business models. The ecosystem should embrace new players as well as industries having well established business models in place. To be successful it must support a win-win relationship among all the ecosystem players.
• The second is that the responsibilities of each ecosystem player should be clearly specified within a specific model. The roles of the players change based on phases of ecosystem maturity, geographic regions, and target vertical industries.

A variety of solutions should be available in conjunction with development of NFC mobile services, and these solutions should be selected based on support for a viable ecosystem. The mobile NFC ecosystem represents a convergence of differing business cultures. This presents an opportunity to develop new businesses and markets. The variety of ecosystem players involved will stimulate the development of new NFC mobile services.

5.4 The NFC Forum

NFC is already well on the path to widespread adoption because it clearly points the way to greatly expanded wireless communications. But for NFC to flourish on a truly wide scale, consumer-oriented companies need to work together. To that end, the Near Field Communication Forum was formed in 2004. An initial gathering of three companies has swelled to over 140 members representing manufacturers, applications developers, retailers, financial services institutions, government, transport organizations, and non-profits.


Working together, the Forum promotes the use of NFC technology in consumer electronics, mobile devices, and PCs by providing a highly stable framework for extensive application development, seamless interoperable solutions and extraordinary security. To meet that goal, the NFC Forum:
• Develops standards-based specifications that define NFC device architecture and protocols for interoperability.
• Encourages the use of NFC Forum specifications.
• Works to ensure that products claiming NFC capabilities comply with NFC Forum specifications.
• Educates consumers and enterprises globally about NFC.

NFC Forum-certified products, designed to work in concert with other wireless technologies, will offer intuitive access to content and services, making it possible for nearly any consumer to pay for physical goods, enter controlled environments like arenas or transit stations, and access digital services anywhere, at any time, using any NFC-Forum-compliant device.

5.5 NFC Deployment Status

NFC technology has been deployed in hundreds of pilots or commercial services worldwide, supporting mobile marketing (e.g., coupons and loyalty programs), mobile payments, mobile ticketing applications, and applications using non-mobile devices such as personal computers and printers. Table 1 lists examples of NFC projects and announcements, illustrating the breadth of interest worldwide and the variety of applications being implemented.

Table 1. Examples of NFC Projects and Announcements [20]

| Location | Participants | Status | NFC Applications Deployed |
|---|---|---|---|
| Australia [21] | Telstra, National Australia Bank, Visa, GSMA Pay-Buy-Mobile project | Pilot completed in November 2008 | Payment |
| Austria [22] | Mobilkom Austria, Innovision Research & Technology, Nokia, ÖBB | Pilot launched March 2009 | WAP page access; transit tickets |
| China [23] | China Unicom, Beijing Municipal Administration and Communications Card Co (BMAC), Watchdata | Commercial service, launched in June 2010 | Payment for retail and transit purchases |
| Czech Republic [24] | Telefonica O2, Nokia, PMDP | Commercial service, launched May 2010 | Payment for retail and transit purchases |
| France [25] | Air France, Amadeus, IER | Pilot, launched April 2009 | NFC-based boarding pass |
| France, Nice [26] | Orange-France, SFR, Bouygues Telecom, NRJ Mobile, BNP Paribas, Credit Mutuel, Veolia, Samsung, Gemalto, Oberthur | Commercial service announced in May 2010 | Payments for retail and transit purchases |
| France, Nice [27] | La Croissanterie, Rica Lewis, Game, Airtag, Orange-France, SFR, Bouygues Telecom, NRJ Mobile | Commercial service, launched June 2010 | Loyalty application |
| France [28] | Orange Business, Samsung | Commercial service, launched June 2010 | Time and attendance tracking |
| France, Paris [29] | STIF, Neowave | Pilot, launched Feb. 2010 | Ticketing |
| Germany [30] | Vodafone, T-Mobile, Telefonica O2 Germany, Deutsche Bahn, Atron, Giesecke & Devrient, NXP | Pilot, launched | Ticketing |
| India, Bengaluru [31] | Citi, Vodafone Essar, ViVOtech, Nokia, MasterCard | Pilot, completed in March 2010 | Payment; smart posters with coupons and offers |
| Japan, Korea [32] | KDDI, Softbank Mobile, SK Telecom | Announcement, July 2010 | MOU to move to NFC standard from existing non-NFC mobile contactless services (payment) |
| Japan [33] | KDDI, Toyota, MasterCard, Orient Corp., Credit Saison, ANA, JAL, Toho Cinemas, IBM, NTT Data, Hitachi, Gemalto, Nomura Research Institute, Dai Nippon Printing, T-Engine, Japan Remote Control Co. | Pilot, launched April 2010 | Payment, travel services, ticketing, smart posters, plus other services. Compliant with GSMA PayBuyMobile specifications. |
| Malaysia [34] | Maxis, Nokia, Maybank, Touch 'n Go, Visa | Commercial service, launched April 2009 | Payment for retail, toll, transit, parking and theme park purchases |
| Poland [35] | PTC, Inteligo, MasterCard, Samsung, Giesecke & Devrient, Venyon | Pilot launched June 2010 | Payment |
| Russia [36] | Moscow Metro, MTS | Commercial service planned, 4Q10 | Ticketing |
| Singapore [37] | NETS, SingTel, ViVOtech, Nokia, NXP | Pilot, completed February 2009 | Payments; smart posters with coupons |
| Spain [38] | Telefonica, Visa, La Caixa, Samsung | Pilot, announced in Feb. 2010 | Payments for retail purchases |
| Taiwan [39] | Taiwan Mobile, Taipei Fubon Bank, MasterCard | Pilot, launched February 2008 | Payment; smart posters with coupons |
| UK [40] | British Telecom, Proxama | Pilot, launched November 2008 | Kiosk with personalized offers; smart posters with offers and information |
| UK [41] | O2, Transport for London, Barclaycard, Visa Europe, TranSys, Nokia, AEG | Pilot completed in May 2008 | Payment for retail and transport purchases |
| USA, San Francisco [42] | Sprint, BART, Jack in the Box, ViVOtech, Samsung, Cubic, Western Union, NXP, Acumen Transit, BAH, First Data | Pilot, launched, January 2008 | Stored value payment; smart posters with coupons and information |
| USA/New York [43] | Bank of America, Visa | Pilot, planned for Sept. 2010 | Payments |
| USA [44] | Sheetz, Wright Express, ViVOtech | Pilot completed in May 2009 | Payments |

[20] Sources: National Retail Federation white paper, "Mobile Retailing: A Comprehensive Guide for Navigating the Mobile Landscape," July 2010; Smart Card Alliance white paper, "Chip-Enabled Mobile Marketing," October 2010; Near Field Communications World, http://www.nearfieldcommunicationsworld.com/list-of-nfc-trials-pilots-tests-and-commercial-services-around-the-world/
[21] http://www.nearfieldcommunicationsworld.com/2009/02/24/3780/australias-first-nfc-trial-hailed-a-success/
[22] http://www.nearfieldcommunicationsworld.com/2009/03/19/3878/mobilkom-austria-customers-to-use-nfc-tags-to-access-wap-pages/
[23] http://www.nearfieldcommunicationsworld.com/2010/06/09/33896/china-unicom-launches-nfc-payments-service-in-beijing/
[24] http://www.nearfieldcommunicationsworld.com/2010/05/27/33754/telefonica-o2-launches-first-commercial-nfc-service-and-sets-out-strategy-for-future-deployments/
[25] http://www.nearfieldcommunicationsworld.com/2009/04/24/3980/air-france-tests-nfc-boarding-passes-at-nice-airport/
[26] http://www.nfctimes.com/news/french-make-it-official-nice-nfc-launch
[27] http://www.nearfieldcommunicationsworld.com/2010/06/17/33943/french-retailers-begin-the-move-to-nfc-loyalty-programmes/
[28] http://www.nearfieldcommunicationsworld.com/2010/06/14/33925/orange-france-launches-nfc-time-and-attendance-service/
[29] http://www.nearfieldcommunicationsworld.com/2010/02/11/32680/paris-transport-operators-begin-nfc-ticketing-trial/
[30] http://www.nearfieldcommunicationsworld.com/2010/04/27/33523/frankfurt-transport-network-gets-nfc-and-qr-code-smart-posters/
[31] http://www.edgardunn.com/pointsOfView/showpov.cfm?instanceid=100021&type=whitepaper&popup=1, http://www.paymentssource.com/news/nfc-mobile-payments-exceed-30bn-2012-2697861-1.html
[32] http://www.nearfieldcommunicationsworld.com/2010/07/15/34145/kddi-softbank-mobile-and-sk-telecom-to-introduce-nfc-standard-services-in-japan-and-korea/
[33] http://www.nearfieldcommunicationsworld.com/2010/04/22/33481/kddi-to-run-multiple-nfc-tests-in-japan/
[34] http://www.nearfieldcommunicationsworld.com/2009/04/27/3993/first-commercial-nfc-service-launched-in-malaysia/

As of September 2010, deployment of NFC technology in commercial services has been limited due to two major factors:
• The complexity of the ecosystem required for secure NFC application implementation, with multiple industry participants involved and complex business relationships and requirements needing to be defined.
• The limited availability of mobile handsets and devices that support NFC.

The industry and analysts are optimistic that NFC handsets will become more widely available in 2011 and commercial services will see significant growth. For example, Juniper Research predicts that NFC mobile payment transaction values will grow from $8 billion in 2009 to $30 billion by 2012 and $110 billion by 2014. [45] Juniper also forecasts that one in every six mobile subscribers globally will have an NFC-enabled device by 2014. The NFC Forum’s certification program is also expected to move the market, enabling devices to receive certification for global use.

[35] http://www.nearfieldcommunicationsworld.com/list-of-nfc-trials-pilots-tests-and-commercial-services-around-the-world/
[36] http://www.nearfieldcommunicationsworld.com/2010/06/23/34014/moscow-metro-and-mts-to-launch-nfc-ticketing-service-in-q4-2010/
[37] http://www.nearfieldcommunicationsworld.com/2009/06/09/31312/dairy-queen-tests-stickers-for-targeted-mobile-coupon-campaigns/
[38] http://www.nearfieldcommunicationsworld.com/2010/02/11/32661/telefonica-announces-nfc-trial-in-sitges-spain/
[39] http://www.nfctimes.com/project/taiwan-taiwan-mobile-holds-trial-though-promised-rollout-delayed
[40] http://www.proxama.com/case-studies/16/NFC-Propositions-for-a-Retail/
[41] http://www.mobilemarketingmagazine.co.uk/content/o2-launches-major-london-nfc-trial
[42] http://www.nfctimes.com/project/us-multiapp-trial-involves-transit-agency-fast-food-restaurant
[43] http://www.nearfieldcommunicationsworld.com/2010/08/19/34339/bank-of-america-to-run-nfc-payments-trial-in-new-york/
[44] http://www.progressivegrocer.com/progressivegrocer/content_display/supermarket-industry-news/e3i7ee3d207fbb1fda3276468ecc9b11b2b

5.6 Security and NFC Applications

While not all NFC applications require security, those that involve financial transactions or certain mobile marketing applications (e.g., coupons and loyalty) require a "secure element" within the phone to securely store applications and/or credentials (e.g., financial account numbers) and provide for secure execution of applications. The secure element (secure memory and execution environment) is a dynamic environment in which application code and application data can be securely stored and administered and in which secure execution of applications occurs. The element resides in highly secure crypto chips [46] (usually a smart card chip). The element provides delimited memory for each application and functions that encrypt, decrypt, and sign the data packet. The secure element present in mobile devices is GlobalPlatform compliant to provide better interoperability. [47]

The following content is from the Eurosmart position paper, "NFC Trends." The Smart Card Alliance thanks Eurosmart for their contribution. [48]

Several secure element architectures and solutions are available to address the requirements of customers and markets. All of the solutions require the NFC controller to communicate with the secure device. Solutions differ primarily in the location where the secure application is hosted and include:
• UICC (SIM)-based secure element. The UICC smart card hosts the secure NFC application (e.g., banking, transportation) in addition to the standard functionalities of the SIM card. The UICC secure element has been standardized by ETSI and supports the Single Wire Protocol (SWP) to communicate with the NFC controller.
• SD card-based secure element. A tamper-resistant hardware component based on smart card technology that can be removed from the mobile phone and that is based on standard form factors (e.g., microSD) serves as the secure element. Solutions with very complex integration levels (i.e., secure element and antenna in the SD card) are available that only use the mobile phone as a user interface device. Other solutions merge more completely with the NFC environment of the mobile phone.
• Embedded hardware secure element. A tamper-resistant hardware component based on smart card technology is soldered into the mobile phone and serves as the secure element. Several field trials have been done based on this solution, which has a maturity level comparable to the UICC.
• Secure element features integrated in the mobile device baseband processor. This approach implements the secure element in a secure memory area in the baseband processor. In order to be tamper-resistant, the secure memory is totally separated by firewall from the other parts of the baseband processor. This approach is currently a more long-term solution, as the security level does not yet match mainstream secure elements.

All of these architectures rely on the same standards for application development, over-the-air provisioning, remote personalization and life cycle management. As a consequence, the NFC applications will share the same development environments and architectures regardless of the secure element architecture, thus ensuring maximum re-use and interoperability of service providers' investments.

The most common execution environments for NFC applications are:
• Java Card™ and GlobalPlatform in the secure element. Java Card™ is the main execution environment for secured applications in the secure element and could rely on the SIM Toolkit or the Smart Card Web Server for implementing a man-machine interface. GlobalPlatform will be used as the main life cycle management standard regardless of secure element architecture.
• Java for Mobile in the handset. The man-machine interface of the NFC applications is likely to use Java for Mobile in most phones (except smartphones) with its NFC related API: JSR257 for NFC services and JSR177 for exchanges with the secure element.

[45] Juniper Research, "NFC Mobile Payments & Marketing Opportunities, Forecasts & Analysis 2009 – 2014"
[46] A crypto chip is a powerful, high-speed, programmable cryptographic engine for operating private and public key-based encryption systems.
[47] "Security of Proximity Mobile Payments," Smart Card Alliance white paper, May 2009, http://www.smartcardalliance.org
[48] http://www.eurosmart.com

5.6.1 UICC (SIM)-Based Secure Element

In this architecture, the NFC chip communicates with the UICC using the Single Wire Protocol (SWP) (see Figure 10), which has been an ETSI standard since 2008. The UICC hosts the applications in a trusted environment. These applications can be enabled by the NFC chip. Since the UICC will also operate as the standard SIM card in the mobile phone, services like over-the-air updates (e.g., provisioning, personalization, life cycle management) can be performed. This capability offers the possibility for installing additional applications (e.g., payment, ticketing, access, loyalty) on the UICC and to increase the services of NFC products in the field. Pre- and post-installation of applications and user information is possible.

Figure 10. UICC-Based Secure Element

5.6.2 SD Card-Based Secure Element

This NFC approach combines a secure smart card chip and optional external flash memory in a microSD card form factor. This form factor is currently used in many handheld electronic devices such as digital cameras, mobile phones, car radios, computers, and MP3 players. The smart card chips used in the microSD card and the UICC have the same security level. In this architecture (see Figure 11), the microSD hosts applications in a secure environment that can be enabled by the NFC chip. Both security chips, the microSD card and the UICC, act as independent secure elements with different interfaces to the NFC device. Target applications are payment, ticketing, access, and others. Since the over-the-air update of the microSD card will be possible, pre- and post-installation of applications could be supported.


Figure 11. SD Card-Based Secure Element

5.6.3 Embedded Hardware Secure Element

As in the previous solutions, the embedded secure element is based on smart card technology. In this case the secure element is embedded in an electronic package and is hardwired to the mobile phone (and thus is not removable). (See Figure 12.) This is the main difference from the UICC and microSD™ card solutions. The embedded secure element has the same security level as the other solutions and works independently from other secure elements in the mobile phone environment. The NFC controller can enable the secure applications stored on the embedded secure element. Target applications are payment, ticketing, access, and others. In the future, the embedded secure element could additionally host the mobile trusted module (MTM) functionality, helping to secure the mobile phone. Each of the target applications could be installed based on the user's request during the life cycle of the mobile phone.

Figure 12. Embedded Hardware Secure Element


5.6.4 Secure Element Integrated in the Mobile Device Baseband Processor

This approach will not require an additional device for the storage of the secure application (e.g., microSD card or embedded secure element or the UICC). The host of the secure application will be the mobile phone's baseband processor, using portions of secure memory and processing. (See Figure 13.) The current secure baseband processors (SBP) could functionally be used as a secure element. However, secure baseband solutions have not yet been subject to security certification or regulatory approval in the payment industry and do not reach a security level comparable to a dedicated security controller. The NFC controller can enable the secure applications stored in the SBP. Target applications are payment, ticketing, access, and others. The SBP could be accessed over-the-air for installation, personalization and updates of the secure applications.

Figure 13. Secure Element Integrated in the Mobile Device Baseband Processor

5.7 Status of NFC Technology

The following content is from the Eurosmart position paper, "NFC Trends," with updates from the NFC Forum. The Smart Card Alliance thanks Eurosmart and the NFC Forum for their contributions. [49]

5.7.1 Standards

A rich set of standards has evolved supporting NFC technology and applications from global standards bodies.

5.7.1.1 GSM Association

From January 2007 to November 2008, this leading association of mobile network operators published a set of four position papers, requirements documents and technical guidelines defining a functional architecture with the SIM card as the main secure element. The GSMA has notably been the first to draft the TSM (Trusted Service Manager) functional role as the cornerstone of the NFC architecture. In 2010, GSMA, in collaboration with the European Payments Council, published the document Trusted Service Manager: Service Management Requirements and Specifications, providing clarity for the TSM roles in the European market.

[49] http://www.eurosmart.com


The GSMA Requirements for SWP NFC handsets document, published in November 2008 and aimed at handset vendors, is setting the pace for most NFC handsets released in 2009. This document is being further developed in 2010.

In addition, the GSMA Pay-Buy-Mobile (PBM) project defined the framework and approach for NFC-enabled mobile payments using the UICC secure element. According to GSMA, 57 mobile operators serving over 1.7 billion subscribers are supporting the PBM project, with many engaged in trials and product launches. [50]

5.7.1.2 NFC Forum

The NFC Forum was formed in 2004 to promote the use of NFC technology in consumer electronics, mobile devices, and PCs by providing a highly stable framework for extensive application development, seamless interoperable solutions, and extraordinary security. As of February 2010, the NFC Forum has released 17 specifications. (See additional information in Section 5.2.)

5.7.1.3 ETSI

ETSI, the reference standards body for mobile telephony, has been active in defining the SIM card as the standard secure element. Since 2006, ETSI has defined the Single Wire Protocol (SWP) interface between the UICC and the NFC chip and the Host Controller Interface (HCI) to act as a router protocol between the secure element(s), the mobile handset and the NFC chip. Both protocols have been through first integration and field test under the umbrella of the GSMA and leading MNOs in the past 3 years. (The first handsets supporting SWP and HCI were released in 2006 and more than 15 handsets have been released so far.) SWP and HCI are now in a reasonable stage of maturity, still undergoing minor revisions, and have been implemented by the major SIM card and NFC chip vendors.

5.7.1.4 GlobalPlatform

GlobalPlatform (GP) is defining the reference protocol for secure application provisioning, remote personalization and life cycle management. The GP protocol is to be integrated in the secure element, regardless of the format (UICC, embedded secure element or SD-card-based secure element).

5.7.1.5 Bluetooth Special Interest Group

In July 2007, the Bluetooth Special Interest Group (SIG) adopted NFC as a simplified pairing protocol (also known as out-of-band (OOB) pairing) in the Bluetooth 2.1 release. A pre-version has already been implemented by device vendors like Nokia and Parrot (for loudspeakers and picture displays). A usual Bluetooth pairing process requires up to 12 keystrokes to be completed, while NFC-enabled pairing greatly simplifies the process, requiring only one keystroke (yes/no selection). This specification has been complemented by the NFC Forum Connection Handover Technical Specifications.

5.7.1.6 Wi-Fi Alliance

The Wi-Fi Alliance adopted NFC in January 2007 as one of the lead pairing mechanisms in its Wi-Fi Protected Set-up (WPS) requirements. NFC WPS is aiming at simplifying the pairing and security management of Wi-Fi networks. This specification has been complemented by the NFC Forum Connection Handover Technical Specifications.

[50] http://www.gsmworld.com/our-work/mobile_lifestyle/mobile_money/pay_buy_mobile/index.htm


5.7.2 Certification

The NFC Forum is setting up a certification program to certify NFC devices starting in the second half of 2010. This program will integrate the following NFC Forum specification set:
• Digital Protocol
• Activity

Based on these specifications, NFC devices can behave as NFC reader/writers, peer-to-peer communication and card emulation devices. The NFC Forum is regularly organizing plug-fests with NFC vendors where all members can debug their early implementations.

Major applications based on card emulation will require going through a specific certification program for both the handset and the SIM (if the UICC is used as the secure element). This applies for payment and transport applications, while other applications will depend on the application vendor or service provider certification policy. Those certification processes will enforce the interoperability of the secure elements and devices coupling with the installed base of the application's readers.

Both Visa and MasterCard propose certification programs for mobile devices embedding payment applications. Those programs target the usual application, analog and digital parts. Payment certification, or part of it, is likely to merge in the EMVCo certification requirements in the medium term. The situation is not as clear for transport applications as each transport authority has its own certification process. It is likely that each NFC device will have to undergo those certification processes.

The secure element, whether it is the UICC, an embedded secure element or an SD card-based secure element, would be submitted to the usual security certifications for its embedded payment applications (e.g., Cast for MasterCard, Visa Risk for Visa). For the secure element, both ETSI and GlobalPlatform propose a declarative certification process using test suites and test tools to be published.

5.7.3 NFC Device Availability

In the past four years, the target segment for NFC has been mobile phones to provide opportunities to leverage the success stories of mobile contactless integration developed in Japan with Docomo and in Korea with SKT and KTF. However, NFC's potential has stimulated the creativity of consumer electronics, laptops and numerous other device vendors, with several major manufacturers already shipping NFC-enabled devices.

5.7.3.1 Mobile Phones

The first "proto-NFC" mobile phone was the Nokia 5141, unveiled at the GSM World Congress in February 2005. Since then, most mobile phone vendors have prototyped NFC phones in both GSM and CDMA standards (including the top five vendors who command nearly 80% of the market and numerous tier 2 (e.g., Sagem) and tier 3 (e.g., BenQ, ZTE, Huawei in Taiwan and China) vendors). Most of the leading handset manufacturers have now implemented NFC technology prototype phones that have been used in the more than 100 NFC trials around the world.

5.7.3.2 Laptops and PCs

The leading use case to integrate NFC with the PC is to offer a reader for contactless applications (e.g., for online payment access or transport ticketing) or to provide a new interface for access control (rather than integrating contact smart card readers).


A few laptops (e.g., Vaio from Sony and enterprise market computers from Lenovo and Dell) and a couple of accessories (e.g., desktop keyboards) are now offering an NFC interface.

5.7.3.3 Consumer Electronics

There have been quite a number of prototypes and demonstrations of NFC-enabled TVs (including consumer electronics giants like Sony and Philips) with use cases for applications such as digital rights management and payment for video-on-demand. A major use case in the consumer electronics market is the easy pairing of either Bluetooth devices or Wi-Fi networks (using the Wi-Fi protected set-up from the Wi-Fi Alliance) to support the growth of the connected home paradigm (e.g., home media servers, multimedia set top boxes and DSL boxes).

5.7.3.4 Other Devices

USB keys or dongles started integrating NFC about two years ago, with the leading use case being a low cost NFC reader for PCs that could be used for multiple contactless applications (e.g., strong authentication for online banking, purchase of transport tickets on the Internet). Vendors like Neowave in France or SCM in Austria have been pioneering this segment. More innovative devices, like the TazCard from TazTag (which is a standalone multi-application wallet with a touch-screen interface presented at the latest Consumer Electronics Show), are about to be released and are already raising significant interest from large industry players.

5.7.3.5 Bridge Products

The following content is from the Smart Card Alliance white paper, "Chip-Enabled Mobile Marketing." [51]

With the lack of commercial NFC-enabled products, bridge products are now being offered that can provide NFC capabilities to current mobile devices. These bridge products can help to accelerate the deployment of NFC applications by incorporating a set of NFC features in currently-available mobile devices. Examples include stickers with no integration with the phone, and stickers and peripherals that integrate with the phone using a wireless protocol (e.g., Bluetooth) or using contacts (e.g., microSD card). Figure 14 illustrates the range of NFC technology implementation approaches that are being offered.

The intelligence of these bridge products varies and, therefore, so do their abilities to implement different NFC applications. For example, stickers would support only a single application in card emulation mode; typical applications for a sticker are payment or loyalty program.

[51] Chip-Enabled Mobile Marketing, Smart Card Alliance white paper, October 2010, http://www.smartcardalliance.org


Figure 14. NFC Technology Implementations

Device and characteristics:

Peripherals (no integration)
• Unattached device that does not interact with the phone
• Include, but not limited to, key fobs
• Single application

Stickers (no integration)
• No direct interaction with the phone (but can interact via “the cloud”)
• Inexpensive relative to other options
• Single application
• Single card emulation only

Peripherals (contactless integration)
• Unattached device that interacts directly with the phone via some protocol (e.g., Bluetooth)
• Multi-application capable
• Additional power source required

Stickers (contactless integration)
• Attached device that interacts directly with the phone via some protocol (e.g., Bluetooth)
• Various products support card emulation only; others can support full NFC

Peripherals (contacted integration)
• Attached devices utilizing a contact interface to the phone
• Include, but not limited to, contactless-enabled memory card devices (microSD) and SIM-based solutions
• Multi-application capable
• Some full NFC capable

Embedded
• NFC chip set embedded in the phone at time of manufacture
• Full NFC capable
• Multi-application capable


6 Pay TV

Smart card technology is incorporated into conditional access systems used for digital pay TV. Conditional access systems control consumer access to content and allow broadcasters and operators to offer different fee-based content that is delivered via satellite, cable or other over-the-air systems. Conditional access modules descramble content being broadcast and protect consumer codes authorizing access to the content.

Smart card technology built into the consumer's set-top box is used to encrypt and decrypt user control codes and transparently descramble broadcast signals. By incorporating a smart card module, broadcasters can update a consumer's set-top box by providing a new smart card rather than a complete new box and take advantage of smart card features to prevent compromises to the conditional access system security. Figure 15 illustrates the use of smart cards in a pay TV application.

Figure 15. Pay TV Application

Additional information on conditional access modules and smart card use in pay TV systems can be found in the following Wikipedia articles:
• "," http://en.wikipedia.org/wiki/Television_encryption
• "Conditional access," http://en.wikipedia.org/wiki/Conditional_access
• "Card sharing," http://en.wikipedia.org/wiki/Card_sharing
• "Pirate decryption," http://en.wikipedia.org/wiki/Pirate_decryption
• "Conditional access to television service," http://www.wirelesscommunication.nl/reference/chaptr01/brdcsyst/dvb/paytv.htm


7 Sample Smart Card Mobile and Subscriber Models

7.1 GSM and Subscriber Privacy 52

According to the GSM Association, GSM is used in 218 countries and territories serving more than three billion people. GSM mobile phones include a smart card, the Subscriber Identity Module (SIM), which is configured with information essential to authenticating a mobile phone, thus allowing a phone to receive service whenever the phone is within coverage of a suitable network. Without a SIM card, a GSM mobile phone cannot function effectively (typically reduced to emergency service only).

The GSM SIM cards do not contain the mobile phone user’s credentials or even their actual phone number. Anybody can use any phone, providing that they have possession of it and are in a coverage area and that the phone is able to authenticate to a network. In most instances, however, it can be assumed that the phone is being used by the authorized (and paying) subscriber. The GSM system implementation is based on device authentication rather than subscriber or individual identity authentication or verification.

Connecting to a GSM network: The device authentication incorporated into the GSM implementation is well documented in various papers, books, and specifications. In brief, the issuer of the SIM card (the primary service provider for the subscriber) assigns a unique secret code and SIM identity number for each SIM. The number is maintained within the provider’s network authentication equipment. The same data is securely loaded into the corresponding SIM card at manufacture. For the network to be assured of the validity of the phone requesting service, the network equipment issues a challenge to the SIM in the phone. If the cryptographic result presented by the SIM is computed using the correct authentication algorithm, secret key, and challenge, the network equipment can verify the SIM’s authenticity.

Making calls: When a GSM mobile makes calls, it uses signaling mechanisms to present the number being dialed to the network. The network then translates the signals into information relating to the International Mobile Subscriber Identity (IMSI), which is also loaded into the SIM. The IMSI is a unique representation of the SIM for any GSM network. The network equipment translates the dialed number into a corresponding IMSI when a call is being placed. This allows the network to locate the subscriber equipment (mobile or SIM) by virtue of a fixed device number, rather than a potentially complex, country-specific, and variable-length phone number.

Billing: Once a GSM call is completed, the GSM network equipment generates a call duration record (CDR). The CDR, which includes the IMSI, is then transmitted to the provider’s billing system and routed to the subscriber’s account. Only the provider’s billing system can post the IMSI-based CDRs to actual subscriber accounts, thus matching a call to an individual who pays for it.

Prepaid GSM: A different implementation of GSM creates total anonymity for the user. In this implementation, the user buys a phone and SIM card that is loaded with a monetary value for making calls. The user is not required to reveal any personal information to activate the service; all the user is required to provide is cash. As the user makes each call, charges are deducted directly from the available balance until all funds are consumed. Depending on the issuer, the implementation may also include the ability to reload monetary value to maintain or re-enable the service.

Summary: The role of SIM cards in the GSM implementation is a good example of how the privacy of an individual is maintained while using mobile telephone service worldwide. Very restricted network equipment translates a phone number to an IMSI. The equipment cannot identify the subscriber. Only the billing system maintained by the issuer of the SIM can close the loop between a completed call and the entity that pays for the call. In the prepaid implementation, the individual is not required to provide any personal information whatsoever and no cross-reference to the user is possible.
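The challenge-response check and the IMSI-keyed call record described in this section, as an added example that is not part of the original module. HMAC-SHA256 stands in for the operator's authentication algorithm, and the class names, IMSI values, keys and account label are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def compute_response(ki: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 32 bits stands in for the
    # operator's authentication algorithm; it is not what a real SIM runs.
    return hmac.new(ki, challenge, hashlib.sha256).digest()[:4]


class Sim:
    """Card side: SIM identity plus the secret key loaded at manufacture."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki  # used only inside respond(); never returned

    def respond(self, challenge: bytes) -> bytes:
        return compute_response(self._ki, challenge)


class AuthCenter:
    """Network side: maps IMSI to secret key and holds no personal data."""

    def __init__(self, keys: dict):
        self._keys = dict(keys)  # imsi -> secret key
        self._pending = {}       # imsi -> challenge awaiting a response

    def issue_challenge(self, imsi: str):
        if imsi not in self._keys:
            return None  # unknown SIM identity: no service
        self._pending[imsi] = secrets.token_bytes(16)  # fresh per attempt
        return self._pending[imsi]

    def verify(self, imsi: str, response: bytes) -> bool:
        challenge = self._pending.pop(imsi, None)  # each challenge is single use
        if challenge is None:
            return False
        expected = compute_response(self._keys[imsi], challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


class BillingSystem:
    """Only the SIM issuer's billing system links an IMSI to a payer."""

    def __init__(self, accounts: dict):
        self._accounts = dict(accounts)  # imsi -> account; prepaid SIMs absent

    def post(self, cdr: dict):
        return self._accounts.get(cdr["imsi"])  # None: no cross-reference exists


def attach(auth: AuthCenter, sim: Sim) -> bool:
    """One authentication round between the network and a SIM."""
    challenge = auth.issue_challenge(sim.imsi)
    return challenge is not None and auth.verify(sim.imsi, sim.respond(challenge))


def demo() -> dict:
    # Constructed sample identities and keys, not real subscriber data.
    ki_a, ki_b = bytes(range(16)), bytes(range(16, 32))
    postpaid = Sim("001010000000001", ki_a)
    prepaid = Sim("001010000000002", ki_b)
    clone = Sim(postpaid.imsi, b"\xff" * 16)  # right IMSI, wrong secret key
    auth = AuthCenter({postpaid.imsi: ki_a, prepaid.imsi: ki_b})
    billing = BillingSystem({postpaid.imsi: "ACCT-1001"})  # constructed label

    captured = postpaid.respond(auth.issue_challenge(postpaid.imsi))
    first_use = auth.verify(postpaid.imsi, captured)
    auth.issue_challenge(postpaid.imsi)              # network asks again
    replayed = auth.verify(postpaid.imsi, captured)  # old answer, new challenge

    # The call records below carry the IMSI and a duration, never a name.
    return {
        "genuine": attach(auth, postpaid), "clone": attach(auth, clone),
        "first_use": first_use, "replayed": replayed,
        "postpaid_payer": billing.post({"imsi": postpaid.imsi, "duration_s": 95}),
        "prepaid_payer": billing.post({"imsi": prepaid.imsi, "duration_s": 40}),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The network side authenticates and records calls using only the IMSI; the payer is resolved solely inside the billing system, and a prepaid SIM resolves to nothing.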

52 Privacy and Secure Identification Systems: The Role of Smart Cards as a Privacy-Enabling Technology , Smart Card Alliance white paper, February 2003, http://www.smartcardalliance.org

7.2 NFC Proximity Mobile Payments

The ability to pay for transit fares, groceries, and other products by simply waving a mobile phone near a point-of-sale (POS) device represents a new payment frontier. Such payments, called proximity mobile payments, are defined as payments to a merchant that are initiated from a mobile phone that uses Near Field Communication (NFC) technology and that is held close to the merchant's POS equipment. Proximity mobile payments offer new business and revenue opportunities to banks, mobile network operators (MNOs), 53 merchants, processors, and startups.

This section provides an overview of the proximity mobile payments ecosystem. While a number of business models can be used to implement mobile payments, 54 the model described in this section focuses on a "collaboration model," where financial institutions, MNOs, trusted third parties and other stakeholders in the mobile payments ecosystem cooperate in the management and deployment of mobile applications. The section introduces the players, their roles, and their responsibilities in assuring the security of sensitive data.

7.2.1 Technology Overview

NFC technology is a standards-based wireless communication technology that allows data to be exchanged between devices that are a few centimeters apart. Using NFC technology as the basis for proximity mobile payments leverages the infrastructure currently being deployed to support contactless credit and debit card payments made using ExpressPay™ from American Express, Discover® Network Zip℠, MasterCard® PayPass™, and Visa payWave™. Implementations around the world have produced unanimous feedback that proximity mobile payment is easy and convenient. 55

NFC-enabled mobile phones incorporate smart chips that allow the phones to securely store the payment application and consumer account information and to use the information as a "virtual payment card." While these smart chips can be present in many forms, three options are typically used: smart card based subscriber identity module (SIM) cards, embedded secure elements in the phone, and secure digital (SD) memory cards. NFC payment transactions between a mobile phone and a POS terminal use the standard contactless communication protocols currently used by contactless credit and debit cards.

NFC will soon be available as standard functionality in many mobile phones. NFC will allow consumers to perform safe contactless transactions, access digital content, and connect electronic devices simply. 56 An NFC chip in a mobile device can act as a card or a reader or both, enabling consumer devices to share information and to make secure payments quickly.

For virtual payment cards to function on an NFC-enabled phone, a variety of entities must work together. Financial institutions, merchants, third-party systems providers, MNOs, mobile handset manufacturers, standards bodies, and industry associations all have roles and responsibilities in such an ecosystem.

7.2.2 Collaboration Model Overview

Figure 16 illustrates the entities involved in the collaboration model and shows the flow of information for the issuing financial institution to provision the consumer’s payment account information to the phone and for the consumer to use the phone to make a proximity mobile payment. This model posits collaboration among financial institutions, the MNO, and other stakeholders in the mobile payments ecosystem, including (potentially) a trusted third party who manages the deployment of mobile applications (the trusted service manager, or TSM). In this figure, solid arrows are used to indicate payment related transactions, while outline arrows are used to indicate actions related to the personalization of the application.

Financial institutions prepare the account data, and send the payment account information to a TSM. The TSM delivers the consumer's payment account information over the air (OTA) through the mobile network to the secure element in the mobile phone. Once the payment account is in the phone, the consumer can use the phone as a virtual payment card at merchants who accept contactless credit and debit payments. Payments are processed over the current financial networks with credits and debits to the appropriate accounts.

53 Mobile network operators are also referred to as carriers.
54 Smart Card Alliance, Proximity Mobile Payments Business Scenarios: Research Report on Stakeholder Perspectives, July 2008, http://www.smartcardalliance.org
55 The New York Times, Phones as Credit Cards? Americans Must Wait, January 25, 2009.
56 NFC Forum, One Year after Launch, NFC Forum Membership hits 70 Organizations Worldwide, press release, February 22, 2006.

Figure 16. Collaboration Model Stakeholders

Figure 17 illustrates the security mechanisms that protect the processes used in the collaboration model. 57 Payment information personalization and lifecycle management from the issuer to the TSM are secured by standard Internet technologies such as secure sockets layer (SSL) or virtual private networks (VPNs). GlobalPlatform’s secure channel protocol provides for the communication and storage of sensitive account data between the TSM and the secure element in the mobile device. Account data is further kept secure from OTA sniffing by encryption provided by the MNO.

When the consumer uses the NFC device for payment, the transaction is protected using the same security mechanisms in place for contactless credit and debit cards. Account data is easy to secure because the chain of custody is clear and the information is never converted to a form in which it can be easily compromised.

57 Details of this model may differ for Canadian implementations.

Figure 17. Collaboration Model with Security Mechanisms

7.2.3 Collaboration Model Stakeholder Roles and Benefits

7.2.3.1 Financial Institutions/Banks

Proximity mobile payments allow financial service providers to offer new, differentiated payment services to their customers, increase their credit and debit card transaction volumes, and extend their brands. In fact, institutions that traditionally lead with innovative new payment products are already piloting such services. Payment brands are also teaming with mobile device suppliers to incorporate their brands into emerging products.

By leveraging the contactless merchant infrastructure currently being deployed and adding contactless payment to mobile phones, financial institutions can provide their cardholders with the same trusted payment services in a new form factor, the mobile phone. This functionality allows customers to pay more quickly and conveniently, thereby increasing customer loyalty. In addition, mobile payment allows financial institutions to further penetrate cash- and check-heavy merchant segments and open new acceptance channels.

7.2.3.2 Merchants/Retailers

Proximity mobile payment implementations capitalize on the existing contactless payment infrastructure and offer immediate value to merchants. Merchants who accept contactless payments have everything ready to accept proximity mobile payments. Transactions using contactless cards and proximity mobile payment devices are processed through a single, contactless-enabled POS system and the current financial networks, encouraging merchant adoption of both contactless and proximity mobile payments.

Numerous implementations worldwide have demonstrated that contactless payment offers immediate merchant benefits in the form of faster payment transactions, increased spending and improved customer convenience. Mobile payment can also help merchants establish stronger customer relationships and customer loyalty. Merchants benefit from the operational efficiencies generated by faster transactions and fewer requirements to handle cash, which lower costs and enhance customer convenience. Merchants, like financial institutions, can offer their customers purchase-related and loyalty services, such as paperless receipts. Merchants can also make their gift card and loyalty programs more effective; customers’ “payment cards” are always available in their mobile phones. Merchants will also be able to deliver advanced mobile marketing and promotion programs that leverage the mobile device and proximity technology to deliver context-sensitive messages to customers, influencing their behavior inside and outside of the store. Mobile promotions and couponing were prominent features of multiple NFC mobile payment pilots and were proven to have positive influence on consumer behavior and great acceptance by consumers.

7.2.3.3 Trusted Service Managers

TSMs offer a single point of contact with mobile operators for financial institutions, transit authorities, and retailers who want to provide a payment, ticketing, or loyalty application to customers with NFC-enabled mobile phones. TSMs provide services to send and load the NFC application over the air to the mobile phone and to aggregate, send, and load personal consumer data over the air. This role parallels the role of card personalization service providers for credit and debit payment cards.

In a large NFC ecosystem, use of a neutral third-party TSM can be the most desirable scenario. However, financial institutions or MNOs can also function as TSMs. The TSM manages the mobile NFC applications, providing secure download and lifecycle management services. Because the TSM does not participate in processing the payment transaction, existing payment processing business models can be maintained.

Both MasterCard and Visa have strict requirements for entities that wish to act as TSMs. All TSMs are subject to security audits before being authorized to process the delivery of payment card data to a mobile device. An important TSM responsibility is to manage the cryptographic keys and system used to securely communicate the payment information from the financial institution to the consumer's mobile device. Without proper key management and security, the entire system could be exposed to attack and systemic fraud. TSMs will also need to be acceptable to the MNO, whose product will have to manage the consumer interface between the POS and the NFC application stored on the mobile phone.

Proximity mobile payments offer new business opportunities for service providers, including existing third-party personalization service providers, to become TSMs and offer services to MNOs and financial institutions. The role of a TSM is critical in the proximity mobile payments ecosystem since it can enable interaction among many service providers and multiple MNOs.

7.2.3.4 Mobile Network Operators

The MNO’s main function in the proximity mobile payments ecosystem is to offer NFC-enabled phones to their subscribers and to deliver sensitive account data and payment applications to mobile devices. When the account data is provisioned to the secure element of the device, the MNO’s function is complete.

At a very minimum, the MNO is responsible for maintaining the integrity of the cryptographic keys that protect the secure elements on the mobile devices it provides to end consumers. The MNO is also responsible for the integrity of the keys and certificates that protect communication across its radio and core networks. If the MNO has chosen to fulfill the role of the TSM, it must also implement TSM functions.

According to a Deloitte & Touche report, 58 mobile operators could see significant economic benefits from offering mobile payments. Potential benefits include new customers, reduced customer churn, and revenues from new, payment- and NFC-related services (such as text message ads and coupons). One of the challenges mobile phone operators face today is the high churn rate of their subscriber base. Operators seek applications that allow them to provide long-term services for customers and recognize that offering additional services can attract new customers and stabilize their subscriber base.

7.2.3.5 Payment Brands

Tens of millions of American Express, MasterCard and Visa branded contactless credit and debit payment cards and devices have been issued worldwide, proving the value of contactless payments to both merchants and consumers. The ISO/IEC 14443-based contactless merchant POS infrastructure that is now in place to support contactless credit and debit payment can also accept NFC-enabled proximity mobile payments, providing a head-start for broad acceptance and use.

The payment brands are continuing to extend their efforts to proximity mobile payments, participating in numerous pilots and working with industry groups to define the standards, specifications and processes for the new payment approach. Benefits to payment brand organizations include the ability to appear innovative and attractive to early adopter consumers. In addition to increasing the use of their branded products, proximity mobile payments offer the opportunity to continue to push broader merchant acceptance of contactless credit and debit payments.

7.2.3.6 Mobile Handset Manufacturers

The proximity mobile payments ecosystem is dependent on consumers having NFC-enabled mobile phones with the secure element that stores the payment application and account information. Mobile handset manufacturers can gain a competitive advantage by offering mobile phones that support payment and other mobile applications. Just as the first camera phones captured consumer market share, so can the first mobile phones that support additional applications. Innovative mobile applications represent an opportunity for handset manufacturers to attract new customers and create additional business partnerships.

58 Deloitte & Touche, The Case for Using Mobile Phones for Payments , report, August 2004.

8 Relevant Standards and Specifications

Numerous standards are relevant to smart card applications and more are created every year. They have various impacts at different levels of a smart card-based system and may deal with physical characteristics, security certifications, transmission protocols, and application loading or design. There are also industry "specifications," which are not "standards," but which play a very important role in smart card applications. Not all application specifications are listed in this section, though some of the important industry-focused applications are included. Standards are voluntary, but are generally adhered to in the interest of achieving conformity and interoperability.

A brief synopsis of the various smart card standards and specifications is included in this section. Additional information can be found in the body of work referenced with each smart card standard or specification.

ISO/IEC is the worldwide standard-setting body for technology, including plastic cards. These standards set minimums, but also include many options and tend to leave some issues unaddressed. As a result, conformance to ISO standards alone does not necessarily ensure interoperability – nor does it ensure that cards and terminals built to the specifications will interoperate. The main standards that pertain to smart cards are ISO/IEC 7810, ISO/IEC 7816, ISO/IEC 14443, ISO/IEC 15693, ISO/IEC 24727 and ISO/IEC 7501.

The following should be noted:

1. Some standards listed below are available free of charge, but many must be purchased.
2. Some standards may not be listed in this section, but could be relevant to a specific application or a specific technique required by an implementation (e.g., standardized format of biometric information).

This section contains a list of standards and specifications relating to this module. A more complete listing of standards and specifications, with descriptions of each, can be found in Module 1.

8.1 Standards Relevant to Smart Card Physical Characteristics

• ISO/IEC 7810 – Identification Cards – Physical Characteristics
• ISO/IEC 7816 – Identification Cards – Integrated Circuit Cards 59

8.2 Standards and Specifications Relevant to Technologies Related to the Card Interface

• ISO/IEC 7816 Series – Identification Cards – Integrated Circuit(s) Cards with Contacts
• ISO/IEC 14443 Series – Identification Cards – Contactless Integrated Circuit(s) Cards – Proximity Cards
• ISO/IEC 18092 – Information technology – Telecommunications and Information Exchange between Systems – Near Field Communication – Interface and Protocol

8.3 Standards and Specifications Relevant to the Card Commands and Application Data Structures

• ISO/IEC 7816 Series – Identification Cards – Integrated Circuit(s) Cards with Contacts
• GlobalPlatform
• Java Card

59 Source: http://www.iso.org

8.4 Standards and Specifications Relevant to Issuers or Specific Industry Sectors

• European Telecommunications Standards Institute (ETSI)
  - GSM. ETSI TS 100 977: "Digital cellular telecommunications system (Phase 2+) (GSM)."
  - NFC. ETSI TS 102 10 V1.1.1 (2003-03) "Near Field Communication (NFC) IP-1; Interface and Protocol (NFCIP-1)"
• ECMA International
  - ECMA-340: NFCIP-1 Interface and Protocol (now ISO/IEC 18092)
  - ECMA-352: NFCIP-2 Interface and Protocol (now ISO/IEC 21481)
  - ECMA-356: NFCIP-1 RF Interface Test Methods (now ISO/IEC 22536)
  - ECMA-362: NFCIP-1 Protocol Test Methods (now ISO/IEC 23917)
• NFC Forum

10 Acknowledgements

This document was developed by the Smart Card Alliance for the Certified Smart Card Industry Professional (CSCIP) program. Publication of this document by the Smart Card Alliance does not imply the endorsement of any of the member organizations of the Alliance.

The Smart Card Alliance thanks the NFC Forum for their permission to reprint the content in Section 5 and for their review of Section 5.

The Smart Card Alliance thanks Eurosmart for their permission to reprint content from the Eurosmart position paper, NFC Trends.

The Smart Card Alliance thanks Philippe Benitez, Gemalto, and Ray Wizbowski, Gemalto, for their review of this CSCIP module.

The Smart Card Alliance thanks Mike Smith, Montner and Associates, for contributing Section 3, Mobile Telecommunications, and Section 4, UICCs.

The Smart Card Alliance thanks Gemalto for permission to reprint the graphic in Figure 2.

The Smart Card Alliance wishes to thank the many current and past members of the Smart Card Alliance Councils and Task Forces who contributed to the development of the white papers and reference material that was used to create this module, including:

• Booz Allen Hamilton
• Capital One
• Collis America
• Cubic
• Discover Financial Services
• Gemalto
• Giesecke & Devrient
• IBM
• IfD Consulting
• Infineon Technologies
• Keycorp
• MasterCard Worldwide
• Venyon
• VeriFone
• Visa, Inc.
• ViVOtech
• USA Technologies

Special thanks go to the following individuals who contributed to the development of this white paper:

• Deborah Baxley
• Guy Berg
• Graeme Bradford
• Joe DeFilippo
• Sunil Dewan
• Gwen Dido
• Willy Dommen
• Ian Duthie
• Ron Fridman
• Micheal Gargiulo
• Simon Hurry
• Ryan Julian
• Mohammed Khan
• Linnaea Knisely
• Pradeep Kumar
• Mike Kutsch
• Paul Legacki
• Dan Loomis
• Cathy Medich
• Ken Moy
• Neville Pattinson
• JC Raynon
• Neil Ringwood
• Brian Stein

About LEAP and the CSCIP Program

The Smart Card Alliance Leadership, Education and Advancement Program (LEAP) was formed to: offer a new individual members-only organization for smart card professionals; advance education and professional development for individuals working in the smart card industry; manage and confer, based on a standardized body-of-knowledge examination, the Certified Smart Card Industry Professional (CSCIP) designation.

LEAP members who wish to achieve certification as experts in smart card technology may do so at any time. Certification requires that LEAP members meet specific educational and professional criteria prior to acceptance into the certification program. A series of educational modules forming the CSCIP certification body of knowledge has been developed by leading smart card industry professionals and is updated regularly. These educational modules prepare applicants for the multi-part CSCIP exam administered by the Smart Card Alliance. The exam requires demonstrated proficiency in a broad body of industry knowledge, as opposed to expertise in specialized smart card disciplines. Applicants must receive a passing grade on all parts of the exam to receive the CSCIP certification. LEAP membership in good standing is required to sustain the certification, and documentation of a required level of continuing education activities must be submitted every three years for CSCIP re-certification.

Additional information on LEAP and the CSCIP accreditation program can be found at http://www.smartcardalliance.org .

Trademark Notice

All registered trademarks, trademarks, or service marks are the property of their respective owners.
