May 2014
What will happen to cards in the world of smart things?
Jan Němec
Agenda
Smart cards
Near Field Communication
Host Card Emulation
ISIS NFC case study
Bluetooth Low Energy and Beacons
Smart card and Internet of Things
MůjCard and Fidesmo
Smart Cards & Devices Forum 2014
Smart cards
Smart cards/Secure elements - no news
Java Card 3.0.1
Management of multiple contact/contactless interfaces
Support for up to 20 logical channels
Additional cryptography
GP 2.2.1 with amendments A, C and D
Multiple TSM management
Multiple service providers
Multiple NFC services
NFC Type A and B
Huge certification effort
Common Criteria EAL4+, CAST and EMVCo, FIME GP2.2
[Diagram: ISD; SSD1, SSD2, SSD3; SP-TSM1, SP-TSM2, SP-TSM3; SEI-TSM]
Near Field Communication versus Host Card Emulation
Overview of the different NFC modes
P2P: data exchange…
Card emulation: payment, transport, access control…
Reader: information…
Requires NFC SE or specific adaptation to HCE
Secure Element versus HCE
SE-based transaction
HCE-based transaction
Before HCE, Card Emulation transactions were isolated from the Host OS
NFC Controller routing rules
Implicit vs Explicit Selection of Applications
HCE ≠ SE
HCE is only emulating the logic of an NFC smart card
SE-based card emulation: both application and credentials reside in a Secure Element
UICC, embedded SE or secured µSD
SE is about secure (i.e. extremely hard to break or clone) storage of sensitive data.
Host Card Emulation (HCE): HCE service runs on the device OS
Credentials can be stored anywhere
In the rich OS, in a TEE, in the cloud, in an SE
Where are credentials stored?
Source: UL – HCE Security Webinar Jan 2014
What use cases with or without SE?
Payment
Transport
Access Control
Identity
Secure P2P
Ticketing
Tag reading /info retrieval
Device matching for P2P
Use cases
Possible with HCE but with security and compatibility limitations
2014: 34 brands, 350 models
290 Android; 270 UICC, 55 eSE, 35 HCE
~500 million units
2017: ~1700 million units
ISIS NFC case study
Isis is a Joint Venture between 3 of the biggest US MNOs
Partnering with major banks & payment schemes:
ISIS Mobile Wallet is now available nationwide!
Gemalto Confidential - Internal Use Only
Started as a pilot in 2 cities: Austin & Salt Lake City, in October 2012
National launch on November 14th, 2013
A lot of incentives for users
68 Isis-ready phones available
The Isis Wallet is also available on iPhone 4, 4S, 5 and 5S with the Incipio Cashwrap Isis Ready case.
The Isis Wallet is now pre-loaded in 14 handsets.
Near Field Communication versus Bluetooth Low Energy
Bluetooth Low Energy (BLE)
BLE Beacons
BLE versus NFC
Wearable devices and Internet of Things
Sunday Times newspaper article in 2006
Chandan’s All-In-One Card design in 2006
https://blogs.oracle.com/chandan/entry/the_all_in_one_card
Arduino
PRINTOO
Printoo's modules will be thin and bendable.
Thin and flexible polymer solar cell. You can cut it into the shape you want!
PRINTOO
Paper-Thin Electrochromic Screen
PRINTOO
PRINTOO modules
MůjCard
MůjCard world values …
…for end users
Access to more contactless services thanks to MůjStore with the apps
Instant way to get, manage and use these services thanks to MůjManager
…for service providers
Ability to offer services
small players at city/regional level have no chance to talk to MNO/handset vendor
global players are not ready to agree and integrate with X+ MNOs/handset vendors
Ability to offer services without need to provide own secure elements
…for group users (corporations, government)
Access to simple post-issuance of their cards, which doesn’t exist today
Simple/portable interface for their users merging usage and discovery experience
…for MNOs not willing to join NFC wave
Ability to offer an external SE as NFC equivalent to their end users (revenue share)
…for MNOs not ready to invest in expensive TSM infrastructure
Quick access to SPs - giving an SD on NFC SIM (cheaper SIM or revenue share)
MůjCard world in pictures
MůjCard with MůjCardApps
MůjStore
Terminal with MůjManager
Terminal accessing MůjCardApps
ISO 7816, ISO 14443
HTTPS
ISO 7816, ISO 14443
MůjCard in pictures
MůjCard
App #1 App #2 App #3 App #n
Admin Applet User auth
Terminal auth
Store auth
Apps access control
Apps registry
Manager reference
MůjManager in pictures
Terminal
MůjManager
APDU communication module
MůjCard communication service
MůjStore discovery
MůjStore communication module
MůjCard discovery
APDU script player
MůjStore in pictures
MůjStore
Apps container
Public Zones – public apps
Restricted Zones – own apps
App #1 App #2 App #n
Users
End user account #1
UZone #1
UZone #2
MůjCard #1 MůjCard #1
MůjCard #2
MůjCard #3
Group account #1
UZone #1
UZone #2
MůjCard #1
MůjCard #2
MůjCard #3
Group Zone #1
App #1 App #2
MůjCardApps examples – public zones
MůjManager is separated from MůjCard UI / terminal apps
End user offer – standalone apps
NFC business card
Secure storage – phonebook, passwords, pins, keys, etc.
PC authentication
Web authentication
Bitcoin wallet
End user offer – service provider apps
Access – hotel keys, house keys, cinema, stadium, ski resorts, etc.
Transport
Car rental
Couponing, Loyalty
DRM – applications/games
OTP, etc.
MůjCardApps examples – restricted zones
MůjManager can be merged with MůjCard UI / terminal apps
Corporate offer
Access apps
NFC business card
PC authentication
Web authentication
Signature/ciphering
Proprietary payment – canteen, coffee and other machines
Travel apps
Government offer
Digital signature
Voting
ID, Driving license, Health card, etc.
Fidesmo
Fidesmo wins MIFARE Award for the most innovative idea for new services. - http://fidesmo.com/press-releases/
Fidesmo Aims To Be The Only Card You Need For Public Transit (And Eventually, Anything Else). - http://techcrunch.com/2014/05/06/fidesmo-aims-to-be-the-only-card-you-need-for-public-transit-and-eventually-anything-else/
Fidesmo, a technology startup connecting cards with mobile phones. They are just three guys, based in Stockholm and Madrid. - http://fidesmo.com/
Thank you!
Jan Nemec
Jan.Nemec@gemalto.com