GlobalPlatform NFC Mobile White Paper

  • Published on

  • View

  • Download


White paper about mobile NFC


<ul><li><p> White Paper April 2009</p><p>GlobalPlatforms Proposition for NFC Mobile: Secure Element Management and Messaging</p><p> | | 2009 GlobalPlatform Inc. </p></li><li><p> 2009 GlobalPlatform Inc. 1 </p><p>GlobalPlatforms Proposition for NFC Mobile: Secure Element Management and Messaging </p><p> Contents: About GlobalPlatform Publication Acknowledgements Executive Summary Section 1: Introduction Section 2: GlobalPlatform Messaging </p><p>2.1 Actors and Responsibilities Section 3: What Changes are Needed for NFC Mobile </p><p>3.1 Role Description 3.1.1 Application Developer 3.1.2 Application Owner 3.1.3 Application Provider 3.1.4 SSD Manager 3.1.5 Controlling Authority 3.1.6 Card Issuer 3.1.7 Cardholder 3.1.8 Card Enabler 3.1.9 Collater/Decollator 3.1.10 Loader 3.1.11 Card Manufacturer 6.1.12 IC Manufacturer 6.1.13 Platform Specification Owner 6.1.14 Platform Developer </p><p> Section 4: Examples of Deployment Cases </p><p>4.1 Examples of Simple Mode deployment cases 4.1.1 Simple Mode using MNO OTA platform 4.1.2 Simple Mode using MNO &amp; TSM OTA platform </p><p>4.2 Delegated Management Deployment Case 4.2.1 Delegated Mode with Full Delegation to TSM 4.2.2 Delegated Mode with Personalization by SP </p><p>4.3 Authorized Management Deployment Case 4.3.1 Authorized Mode with Full Delegation to TSM 4.3.2 Authorized Mode based on SCP02 to TSM 4.3.3 Authorized Mode with Personalization by SP </p><p> Section 5: Conclusion Appendices Appendix A: References Appendix B: Abbreviations and Notations Appendix C: Figures </p></li><li><p> 2009 GlobalPlatform Inc. 2 </p><p>About GlobalPlatform GlobalPlatform is the leading, international association, focused on establishing and maintaining an interoperable and sustainable infrastructure for smart card deployments. Its technology supports multi-application, multi-actor and multi-business model implementations, which delivers benefits to issuers, service providers and technology suppliers. GlobalPlatform Specifications are freely available and have been adopted worldwide by many public and private bodies. As of October 2008, there were an estimated 305.7 million GlobalPlatform-based smart cards in circulation across the world and an additional two billion mid range USIM/SIM cards using GlobalPlatform technology to enable over-the-air (OTA) application downloads for 3G and GSM mobile networks. These figures are expected to increase significantly throughout 2009. GlobalPlatform is an independent, not-for-profit organization and its strategy is defined and prioritized by a Board of Directors. GlobalPlatform is currently chaired by Sebastien Tormos, Vice-President of Marketing, Datacard Group, and vice-chaired by Marc Kekicheff, Vice President Product Technology, Visa Inc. Kevin Gillick serves the membership on a full-time basis as its Executive Director. For further information, visit </p></li><li><p> 2009 GlobalPlatform Inc. 3 </p><p>Publication Acknowledgements GlobalPlatform wishes to offer special thanks to the members of the UICC System Role Task Force and their respective organizations for their contributions and involvement in developing this white paper. Participants include: Full Members: </p><p>Gil Bernabeu Gemalto Enrico Perin Gemalto Jean Henaff Datacard Gael Gerard Orange FT Group Ahmad Saif Orange FT Group Jean Christophe Bernard Orange FT Group Sophie Diallo Oberthur Kiushan Pirzadeh - Visa, Inc </p><p> Participating Members: </p><p>Mathias Lerch Inside Contactless Johannes Hoier Srensen Smart Trust </p><p> Observer Members: </p><p>Sebastien Pierrel Ericsson Consultant Members: </p><p>Jean Philippe Ameil Nextendis Public Entity </p><p>Pierre Terre - RATP GlobalPlatform team: </p><p>Kevin Gillick Executive Director of GlobalPlatform Alliances Management Operations Secretariat </p><p> Copyright 2009 GlobalPlatform Inc. All Rights Reserved. Reproduction or distribution of this publication in any form is forbidden without prior permission from GlobalPlatform Inc. </p></li><li><p> 2009 GlobalPlatform Inc. 4 </p><p>Executive Summary Near Field Communication (NFC) presents significant business opportunities when used in mobile phones for applications such as payment, transport ticketing, loyalty, physical access control, and other exciting new services. To support this fast evolving business environment, several entities, in addition to Mobile Network Operators (MNO), will become involved in the NFC mobile ecosystem. By nature of their individual roles, these players will need to communicate with each other and exchange messages in a reliable and interoperable way. </p><p>Equally important to these entities or players, will be the need for ongoing security and confidentiality of sensitive applications and data downloaded to and stored on an NFC enabled handset for performing contactless transactions. The component in a mobile phone providing the security and confidentiality required to support various business models in this environment, is referred to as a Secure Element (SE). As a neutral and cross-industry organization, GlobalPlatform intends to define and provide the specifications necessary to support three types of secure elements selected as options for NFC mobile. These are: </p><p> Universal Integrated Circuit Card (UICC) Embedded Secure Element Secure Memory Card </p><p> The primary purpose of this white paper is to discuss the new functional features that will be required in the back-office management systems or infrastructure to optimally manage a GlobalPlatform Secure Element with initial focus on products compliant with the GlobalPlatform UICC Configuration [2]. The GlobalPlatform Embedded Secure Element Configuration will be defined next and, once completed will be incorporated as a secure element option. </p><p>The second objective is to clarify where trusted entities from a key management point of view are needed. The business rationale to work with a trusted and reliable partner, and the need to have a third party entity facilitate key or certificate management, are often intertwined. From a key and certification management point of view, security requirements will be very different for a business partner compared to a trusted third party. </p><p>The third objective is to explain how the GlobalPlatform Messaging Specification [3] can provide the necessary interoperability in the NFC ecosystem thanks to the definition of standardized messages that can be exchanged between disparate systems in a GlobalPlatform compliant environment. Support is provided for the issuance and post-issuance updates of GlobalPlatform Secure Elements compliant with the UICC Configuration specification [2]. </p><p>GlobalPlatform is well-positioned to facilitate the creation of a standard infrastructure necessary to allow service providers, trusted service managers and mobile network operators to manage application download and personalization without being limited to a single type of Secure Element. Hence, most of the contents and conclusions of this paper will be applicable, or easily transposable, to other Secure Elements, provided that they are compliant with the GlobalPlatform Card Specifications. </p></li><li><p> 2009 GlobalPlatform Inc. 5 </p><p>The target audience for this white paper is all the entities involved in the NFC ecosystem including service providers, mobile network operators, trusted service manager, system integrators and system developers, participating in GlobalPlatform smart card implementations, and developing infrastructure components and support systems. Such systems include: </p><p> Data Preparation Systems, Personalization Systems, Application Management Systems, Smart Card Management Systems, Personalization Collators/Decollators. </p><p> This white paper is intended to be informational but is rather technical in nature and could therefore be seen as a technical brief. </p><p>This paper is also intended to be used as input to the technical evolution of the GlobalPlatform Messaging specification [3] planned for 2009. </p></li><li><p> 2009 GlobalPlatform Inc. 6 </p><p>SECTION 1: Introduction It is envisaged that end-users will in the near future use NFC enabled mobile phone for payment, transport ticketing, loyalty, access and many others contactless services. Several pilots are already in progress in a number of locations across the world but these are typically in closed environments, or limited in scope and number of players involved. A central obstacle to roll-out is scalability beyond the current phase of initial pilots with a small number of actors involved today. To overcome this, a way must be found to resolve the issue of how to create an interoperable mobile NFC ecosystem that makes it easy for Service Providers (SP) and Mobile Network Operators (MNO) to work together. GSM Associations answer was to create the role of Trusted Service Manager (TSM) who establishes the link between the service providers and MNOs worlds from a technical perspective. The TSM role is also to ensure a level of trust and confidentiality between the actors. Use of the term trusted in this role may be misleading and incorrectly associated with the key management function. In most cases this entity will not be managing keys, neither for the MNO nor the service provider. Figure 1-1 illustrates the chaotic nature of the business environment without a TSM and the role the TSM plays in providing services to various entities within the ecosystem. </p><p>Figure 1-1 Trusted Service Manager Role </p><p> The mobile NFC ecosystem requires the inter-connection of several entities or actors, coming from different business environments and using heterogeneous systems, facilitating critical data exchange to support business functionality. It will require change in current process flows to facilitate new functionality. </p></li><li><p> 2009 GlobalPlatform Inc. 7 </p><p>For example, allowing a mobile service to be set up via Over-the-Air (OTA), changes current process flows and data exchanges as follows: </p><p>Existing: Service provider to card through a personalization bureau, New: Service provider to the card via an OTA platform </p><p> The main actors taking part in the processes when the SE is a UICC card within the mobile NFC ecosystem are the following: </p><p> Mobile Network Operators (MNO) who are the owners of the UICC card and also own in most of the cases an OTA platform </p><p> Service Providers (SP) who are entities such as banks, transport companies, retailers, etc., providing a service to consumers and need to have their application implemented on a UICC card </p><p> Trusted Service Managers (TSM) who enable the link between the SP and MNO providing (subcontracting) the technical capability to: </p><p>o Allow the MNO to send messages to the SP o Allow the MNO to perform NFC services management o Allow the SP to send messages to the MNO o Allow the SP to perform NFC services management o Optionally, have commercial roles (aggregator, commercial intermediate, </p><p>commercial agent, end user support, etc.) Confidential Key Loading Authority (CKLA) who is responsible for enabling the initial </p><p>key set in a GlobalPlatform card in a confidential way In most of the NFC trials conducted worldwide over the past two years, a single MNO, SP and TSM were involved. These trials received good end-user feedback. Facilitating expansion requires several SPs connected simultaneously to multiple MNOs with potentially multiple TSMs, collectively requiring exchange of data in a reliable and interoperable fashion. To enable this capability, the issue as to how to guarantee an interoperable way of exchanging messages between the different actors must be addressed. For example, where new end-users want to have their bank cards enabled on their mobile phones, the following practicalities need to be addressed: </p><p> How to be sure that the UICC and the mobile phone are NFC enabled How to request creation of a security domain (SSD) and download and personalize </p><p>the banking application in a confidential way How to handle a subsequent transfer of service from one UICC to another </p><p> Certain initiatives, especially in Europe, have defined some of the messages to be exchanged between the MNO and SP but not necessarily the messaging format to be used. However, these initiatives intend to be fully compliant with the GlobalPlatform specifications. Any isolated or proprietary efforts to describe additional ways of exchanging messages would be unproductive and increase the level of complexity of the system. Where platforms are required to comply with multiple specifications, development and maintenance costs increase, and consistency and interoperability are at risk. The GlobalPlatform Messaging specification [3] already defines a set of standard messages for data exchange between disparate systems in a GlobalPlatform smart card environment. This functionality is applicable to UICC NFC enabled cards which are in fact part of the GlobalPlatform smart card environment in which security domains and secure messaging concepts are already in use. </p></li><li><p> 2009 GlobalPlatform Inc. 8 </p><p>This makes GlobalPlatform the ideal organization for defining the necessary message formats to be used for data exchange in the mobile NFC ecosystem. The main advantages of using GlobalPlatforms Messaging specification [3] are: </p><p> Avoid proprietary solutions to exchange information </p><p>Figure 1-2 Proprietary solutions to exchange information </p><p> Promote standard interactions between entities </p><p>Figure 1-3 Standard interactions between entities </p><p> Facilitate integration of new partners in the smartcard ecosystem </p><p>Figure1-4 Easy integration of new partners </p></li><li><p> 2009 GlobalPlatform Inc. 9 </p><p>Section 2: GlobalPlatform Messaging The primary objective of the GlobalPlatform Messaging specification [3] is to standardize the most common messages that will be exchanged between disparate systems from a range of suppliers. By creating standards for these fundamental messages, the intention is to reduce systems integration impacts typically associated with constructing systems architecture from a variety of solution providers. Messages can be exchanged between any number of parties, and in some cases the recipient may not necessarily be the entity required to act on the message but may be to route the message onto the relevant party. It is important to note that the objective of the GlobalPlatform Messaging specification [3] is not to prescribe or specify messages internal to the supplier of a system. Thus, where a supplier's product, or product solution, internalizes the interchanges of two or more actors identified in the specification, the implementation of these particular interchanges is left to the design discretion of the s...</p></li></ul>


View more >