NFC Standards
Standards for the NFC EcosystemAn Interactive Experience for the Mobile CommunityBart van Hoek Smart Card Alliance Mobile and NFC Council
Smart Card Alliance & UL Transaction Security 2012 UL LLCUL and the UL logo are trademarks of UL LLC 20121Access ControlBackExitHome98Transit InfrastructureISO/IEC 24014EN 1545ITSOVDV-KACalypsoSDOACFMSStandardSpecificationStandardCFMS: Contactless Fare Media SystemsITSO: Intergrated Transport Smartcard Organisation VDV-KA: Verband Deutscher VerkehrsunternehmenSDOA: Specification Document Open ArchitectureUS StandardImplementation (Easy Card)EU StandardsMultiple ImplementationsDefines Data ElementsIntegrated TicketingOn Organizational LevelOSPT CIPURSEBackExitHome93Transit InfrastructurePart I Introduction and OverviewAgent Central SystemPart IV System Security Planning and Implementation GuidelinesPart V Compliance Certification and Testing StandardRegional Central SystemPICCConcentratorCard Interface DeviceAgent Central SystemConcentratorCard Interface DevicePart III Regional Central System Interface StandardPart II Contactless Fare Media Data Format and Interface Standard.CFMS ArchitectureBackExitHome94Transit Fare MediumMIFARE4Mobile= deprecatedBackExitHome92
BofA
ING
MRT
AJAX
Card-becomes-appProvisioningBackExitHome
LoyaltyTransitAccessIdentityTags & AccessoriesCorePaymentsThis access section provides an overview of the relevant standards for contactless access control mechanisms.
Access protocols need to be quick, therefore implementations are often built upon the same standards that are used in transit.
Mobile /Card CentricBack Office CentricOverviewMobile/Card CentricBack Office Centric
BackExitHome50Enlarge
StandardsOverview
LoyaltyTransitAccessIdentityTags & AccessoriesCorePaymentsMobile /Card CentricBack Office CentricOverview
Contactless / NFC Readers/TerminalsContactless CardHandset(Card Emulation)WallDesktopLogical AccessPhysical AccessCard centric access control has been standardized in the U.S. Government under FIPS 201 (PIV), or mainly uses proprietary de-facto specifications such as iCLASS and MIFARE. These specifications are being ported to mobile and build upon the known contactless standards.
BackExitHome51Enlarge
LoyaltyTransitAccessIdentityTags & AccessoriesFare MediumInfrastructureSchemesOverview
CorePayments
Around 300 e-ticketing schemes worldwide PaymentInternationally there are many different e-ticketing schemes. It is out of scope of this presentation to discuss each scheme individually. This slide shows a selection of examples of the various transit schemes in the world.BackExitHome48OverviewEnlarge
LoyaltyTransitAccessIdentityTags & AccessoriesFare MediumInfrastructureSchemesOverview
CorePaymentsPaymentThe international standards contain standards on a business level which specify how ticketing should be arranged on a organizational level and provide standards that define the data elements for the cards and point of interaction. Some national specifications have adopted these international standards and added requirements to customize them to local needs.ISO/IEC 24014EN 1545ITSOVDV-KACalypsoSDOACFMSStandardSpecificationStandardCFMS: Contactless Fare Media SystemsITSO: Intergrated Transport Smartcard Organisation VDV-KA: Verband Deutscher VerkehrsunternehmenSDOA: Specification Document Open ArchitectureUS StandardImplementation (Easy Card)EU StandardsMultiple ImplementationsDefines Data ElementsIntegrated TicketingOn Organizational LevelOSPT CIPURSEBackExitHome46CoreProvisioningSecure ElementThis core section is not defining standards that are required for every NFC implementation.
Instead, it defines standards that are industry agnostic. For example, functions like data provisioning, the use of a secure element (SE), or secure element access control are optional for each NFC implementation. SE Access Control
LoyaltyTransitAccessIdentityTags & AccessoriesPaymentsOverviewBackExitHome5SE Access Control - OverviewOS / BasebandCLFSecure ElementUser InterfaceSecureApplicationSE Access ControlOpenMobile APISEEK is an implementation on AndroidSE Access ControlGPAC or GAAC standardBackExitHome66Secure Element - DiagramRuntime Environment(Java Card / MULTOS)ProprietarySpecifica-tions
GlobalPlatform APISecurity DomainApplicationOPEN and GlobalPlatform Trusted FrameworkRTE APIBackExitHome64Secure ElementSE Access ControlOverviewProvisioningCoreLoyaltyTransitAccessIdentityTags & Accessories
PhysicalOver the WireOver the InternetOver the AirCLFSecure ElementSecureApplicationOS / BasebandUser InterfaceTrustedServiceManagerService ProviderProvisioning is the activity where an external party (e.g., the TSM) provides the secure application and/or credentials to a secure element.
Over the Internet:Handsets with a data connection or access to WiFi can communicate with the TSM over TCP/IP. PaymentsEnlarge
BackExitHome8SE Access Control - StandardsBackExitHome67Secure Element - StandardsBackExitHome65StandardsOverviewEnlarge
LoyaltyTransitAccessIdentityTags & AccessoriesOverviewUser InterfaceAcceptance DeviceHandsetTSMCore
Secure ElementPaymentsOS / BasebandCLFSecure ElementUser InterfaceSecureApplication
The user interface is an application that runs on the operating system of the handset. It allows the user to interact with other components and allows the user to select a payment card or enter a passcode.
BackExitHome17Enlarge
LoyaltyTransitAccessIdentityTags & AccessoriesFare MediumPaymentPaymentSchemesOverview
CorePaymentsSpecific payment products have designed their products to store additional data to add e-ticketing functionalities such as: check in, check out, time, and travel credit. BackExitHome49OverviewCFMS StandardsEnlarge
LoyaltyTransitAccessIdentityTags & AccessoriesFare MediumInfrastructureSchemesOverview
CorePaymentsPart I Introduction and OverviewAgent Central SystemCFMS ArchitecturePart IV System Security Planning and Implementation GuidelinesPart V Compliance Certification and Testing StandardRegional Central SystemPICCConcentratorCard Interface DeviceAgent Central SystemConcentratorCard Interface DevicePart III Regional Central System Interface StandardPart II Contactless Fare Media Data Format and Interface Standard.PaymentThe international standards contain standards on a business level which specify how ticketing should be arranged on a organizational level and provide standards that define the data elements for the cards and point of interaction. Some national specifications have adopted these international standards and added requirements to customize them to local needs.BackExitHome47General overview
Secure Elements
Service Provider Host
Trusted Server Manager(s)MNO Host
Handset
Acceptance DeviceBackExitHome57Mobile HandsetBackExitHome73