Standards for the NFC Ecosystem An Interactive Experience

Standards for the NFC Ecosystem An Interactive Experience for the Mobile Community Bart van Hoek Smart Card Alliance Mobile and NFC Council Smart Card Alliance & UL Transaction Security UL and the UL logo are trademarks of UL LLC © 2012 UL LLC

Instructions on how to use this presentation Next From this slide forward you should use the mouse for navigation. When the mouse pointer changes to a hand you can click it. All buttons will be clickable and navigate you through the presentation. The navigation pages are separated in 3 columns: industry | component | view At anytime you can go BACK, go to the HOME page or EXIT the presentation by clicking on the navigation buttons at the top of the page. Clicking on the company logos will provide you with more information about the organizations and the contributors to this document. - Click NEXT to proceed

NFC STANDARDS Loyalty Payment Transit Core Tags & Accessories Identity Access [Please select your industry]

Home Back Exit Overview Core Payments Tags & Accessories This core section is not defining standards that are required for every NFC implementation. Instead, it defines standards that are industry agnostic. For example, functions like data provisioning, the use of a secure element (SE), or secure element access control are optional for each NFC implementation. Identity Provisioning Loyalty Secure Element Transit SE Access Control Access … Provisioning SE Access Control Secure Element

Home Back Over the Air Overview Core Payments Tags & Accessories Exit Over the Internet Over the Wire Physical Provisioning is the activity where an external party (e. g. , the Trusted Service Manager (TSM)) provides the secure application and/or credentials to a secure element. Bof. A Identity “Card-becomes-app” Loyalty Secure Element Transit SE Access Control Access … Enlarge [Please select the provisioning method] ING MRT AJAX

Home Back Overview Core Payments Tags & Accessories Identity Loyalty Provisioning is the activity where an external party (e. g. , the TSM) provides the secure application and/or credentials to a secure element. Over the Air: Method which enables a mobile network operator (MNO) to communicate with the SE on the handset. Possible implementations are: SMS, CAT-TP or HTTPS Exit Over the Air Trusted Service Manager Over the Internet Over the Wire Physical Mobile Network Operator OS / Baseband User Interface Service Provider Secure Element Secure Application Secure Element CLF Transit SE Access Control Access … Enlarge

Home Back Overview Core Payments Tags & Accessories Identity Loyalty Provisioning is the activity where an external party (e. g. , the TSM) provides the secure application and/or credentials to a secure element. Over the Internet: Handsets with a data connection or access to Wi. Fi can communicate with the TSM over TCP/IP. Exit Over the Air Over the Internet Over the Wire Physical Trusted Service Manager OS / Baseband User Interface Service Provider Secure Element Secure Application Secure Element CLF Transit SE Access Control Access … Enlarge

Home Back Overview Core Payments Tags & Accessories Identity Loyalty Provisioning is the activity where an external party (e. g. , the TSM) provides the secure application and/or credentials to a secure element. Over the Wire: The TSM can communicate with the SE on the handset over the contactless interface. Exit Over the Air Over the Internet Over the Wire Physical Service Provider OS / Baseband User Interface Trusted Service Manager Secure Element Secure Application Secure Element PC/SC reader Transit SE Access Control Access … Enlarge CLF

Home Back Overview Core Payments Tags & Accessories Provisioning is the activity where an external party (e. g. , the TSM) provides the secure application and/or credentials to a secure element. Identity Physical: In case of a removable SE, the TSM can personalize an SE externally and physically deliver the hardware to the customer. Loyalty Secure Element Transit SE Access Control Access … Exit Over the Air Over the Internet Over the Wire Physical Trusted Service Manager OS / Baseband User Interface Secure Application Secure Element Enlarge Secure Application CLF

Home Back Overview Core Payments Tags & Accessories Identity Loyalty Provisioning Exit Overview Diagram micro. SD A modified micro. SD card with additional secure memory and possibly NFC Secure Element A secure element (SE) is a tamper-proof smart card chip capable of embedding applications with a required level of security. Connected to an NFC chip it supports contactless communication. The SE could be integrated in various form factors: in SIM cards/UICCs, embedded in the handset , or in a micro. SD Card. Transit SE Access Control Access … UICC A general purpose SIM card with additional secure memory Embedded SE A secure memory chip directly soldered to the motherboard Enlarge Standards

Home Back Overview Core Payments Tags & Accessories Identity Loyalty Exit Overview Diagram Standards Provisioning Secure Element A secure element (SE) is a tamper-proof smart card chip capable of embedding applications with a required level of security. Connected to an NFC chip it supports contactless communication. The SE could be integrated in various form factors: in SIM cards/UICCs, embedded in the handset , or in a micro. SD Card. Transit SE Access Control Access … Application Security Domain Global. Platform API OPEN and Global. Platform Trusted Framework Runtime Environement (RTE) (Java Card / MULTOS) Enlarge RTE API Proprietary Specifications

Home Back Overview Payments Tags & Accessories Identity Loyalty Overview Diagram Standards Provisioning Secure Element A secure element (SE) is a tamper-proof smart card chip capable of embedding applications with a required level of security. Connected to an NFC chip it supports contactless communication. The SE could be integrated in various form factors: in SIM cards/UICCs, embedded in the handset , or in a micro. SD Card. Transit SE Access Control Access … SWP /HCI interface ETSI / GCF / PTCRB SWP / HCI MIFARE 4 Mobile UICC Core Exit Card Specification Global. Platform UICC Contactless Configuration ISO/IEC 7816 interface ETSI / GCF / PTCRB Enlarge UICC Configuration BIP for UDP / TCP SCP 80 / SCP 81

Home Back Overview Core Exit Overview Standards Provisioning OS / Baseband Payments Secure Element User Interface Open. Mobile API SEEK is an implementation on Android Tags & Accessories Identity SE Access Control GPAC or GAAC standard Secure element access control prevents unauthorized applications in the operating system from communicating with the secure element. Secure Element Loyalty CLF Transit Enlarge Access Secure Application …

Home Back Overview Payments Tags & Accessories Identity Overview Standards Provisioning Secure Element SE Access Control Secure element access control prevents unauthorized applications in the operating system from communicating with the secure element. SE Access Control Core Exit SIM Alliance Open. Mobile API Global. Platform Secure Element Access Control RSA Laboratories PKCS #15 Loyalty Transit Enlarge Access …

Home Back Exit Overview Core The payments section will provide an overview of the standards involved for making contactless financial transactions. Trusted Service Manager OS / Baseband User Interface Payments Tags & Accessories Acceptance Device User Interface Identity Acceptance Device Loyalty Handset Transit Secure Element Access TSM Payment Kernels Secure Element Secure Application CLF

Home Back Overview Core Payments Tags & Accessories Exit Overview Standards User Interface The user interface is an application that runs on the operating system of the handset. It allows the user to interact with other components and allows the user to select a payment card or enter a passcode. Identity Acceptance Device Loyalty Handset Transit Secure Element Access TSM OS / Baseband Secure Element User Interface Secure Application CLF Enlarge

Home Back Overview Payments Tags & Accessories Identity Overview Standards User Interface The user interface is an application that runs on the operating system of the handset. It allows the user to interact with other components and allows the user to select a payment card or enter a passcode. Acceptance Device Wallet Provider Service Provider Functional Requirements Pay. Pass UI Application Requirements Master. Card Design Guide and Brand Standards Visa Wallet Core Exit American Expresspay Mobile Wallet Interface Guide Discover Loyalty Handset EMVCo Transit Secure Element Access TSM Enlarge Application Activation User Interface (AAUI)

Home Back Overview Core User Interface Payments Acceptance Device Tags & Accessories The point-of-sale (POS) is the payment terminal at a merchant, where customers can make a financial transaction. Identity This interaction can be categorized into three groups: contact, contactless or mobile. Loyalty Handset Transit Secure Element Access TSM Exit Overview Diagram Standards Contact Acceptance Device (POS) Contactless Mobile Enlarge

Home Back Overview Core Exit Overview Diagram Standards User Interface Payments Acceptance Device Tags & Accessories The point-of-sale (POS) is the payment terminal at a merchant, where customers can make a financial transaction. Identity This interaction can be categorized into 3 groups: contact, contactless or mobile. Loyalty Architeture and General Requirements – Book A PCI PTS / PCI P 2 PE Kernel Book C-1 Kernel Book C-2 Kernel Book C-3 Transit Secure Element Access TSM Book C-4 Entry Point Specification - Book B Contactless Communication Protocol Specification Book D Handset Legend: Kernel EMVCo Enlarge PCI Proprietary Specifications

Home Back Overview Core Exit Diagram Standards Book A – Architectual RSequirements User Interface C 1 – Kernel JCB Book B – Entry Point Specification Acceptance Device Tags & Accessories The point-of-sale (POS) is the payment terminal at a merchant, where customers can make a financial transaction. Identity This interaction can be categorized into 3 groups: contact, contactless or mobile. Loyalty Handset EMVCo C 3 – Kernel Visa Book D – Contactless Communication Protocol C 4 – Kernel American Express PIN Security Requirements PCI PTS Point of Interaction Modular Security Requirements PCI P 2 PE Proprietary Transit Secure Element Access TSM C 2 – Kernel Master. Card Book C – Kernel Acceptance Device Payments Enlarge P 2 PE Hardware Solution Requirements and Testing Procedures

Home Back Overview Core Exit Overview Standards User Interface OS / Baseband Payments Acceptance Device Tags & Accessories Handset Identity Loyalty The handset is the mobile phone. New generation smart phones contain the main components necessary for card emulation. The basic components within the handset that make card emulation possible are the NFC antenna and the Contactless Front End (CLF). Transit Secure Element Access TSM Secure Element User Interface Secure Application CLF Enlarge

Home Back Overview Payments Tags & Accessories Identity Loyalty Overview Standards EMV Contactless L 1 – Book A User Interface EMVCo Acceptance Device Handset The handset is the mobile phone. New generation smart phones contain the main components necessary for card emulation. The basic components within the handset that make card emulation possible are the NFC antenna and the Contactless Front End (CLF). Transit Secure Element Access TSM NFC Interface Handset Core Exit Visa Cross Test – Visa Internal Master. Card Perf. / Comb. / Interf. Discover American Express NFC Forum Security Related UICC Interface Tag Reading & Writing Peer-to-Peer Global. Platform TEE Global. Platform SE Access Control ETSI / GCF / PTCRB SIM Alliance Enlarge EMV Contactless L 1 – Book D SWP / HCI BIP for UDP / TCP Open Mobile API

Home Back Overview Core Exit Functional Security User Interface SECM (CRS App) EMVCo PPSE Tags & Accessories Identity Loyalty Transit Handset General UICC Payments Acceptance Device SWP /HCI Interface Secure Element The secure element is a secure, tamper-resistant, storage and execution environment holding payment applications and payment assets such as keys. TSM Perf. & Application Testing Visa Requirements for SEs ETSI / GCF / PTCRB SWP / HCI MIFARE 4 Mobile Card Spec 2. 2. 1 + UICC Config Global. Platform UICC Contactless Configuration SE Access Control ISO/IEC 7816 interface ETSI / GCF / PTCRB Enlarge Access Master. Card BIP for UDP / TCP SCP 80 / SCP 81

Home Back Overview Exit Functional Security Master. Card (CAST) Core User Interface Visa (VCSP) EMVCo IC Evaluation Chip (IC) Tags & Accessories Handset Identity Secure Element Loyalty Transit JCB / American Express / Discover Acceptance Device Secure Element Payments Common Criteria Master. Card (CAST) The secure element is a secure, tamper-resistant, storage and execution environment holding payment applications and payment assets such as keys. TSM Visa (VCSP) EMVCo Platform Evaluation JCB / American Express / Discover ANSSI PP 2009/02 Common Criteria PU-2009 -RT-79 (UICCs) Platform (IC + OS) PP 1003 (Other SE Types) Enlarge Access BSI PP 0035

Home Overview Core User Interface Exit Overview Standards Trusted Service Manager Service Provider Interfaces Payments Tags & Accessories Identity Acceptance Device SMS Secure Core KMS Handset HSM Application Lifecycle Management Subscriber Management Work Flow Management Secure Element Transit Access TSM The trusted service manager (TSM) enables service providers to distribute and manage their contactless applications remotely by allowing access to the secure element in NFC-enabled handsets. BIP CAT-TP HTTP(S) Operations Management Analysis, Reporting & Statistics CAMS Loyalty Service Delivery OTA Interfaces PAMS Billing Services Customer Care Enlarge MNO Backend Interfaces Back

Home Back Exit Overview Standards Mobile Master. Card Pay. Pass TSM Functional Requirements Core User Interface Master. Card Logical Security Requirements for Card Personalizations Bureaus Security requirements for Mobile Payment Provisioning Payments Generic Acceptance Device Visa - American Expresspay Mobile TSM security requirements Discover TSM – Functional and Security Requirements Handset TSM Backend Tags & Accessories Discover DFS TSM Qualification Process AFSCM Service Provider Specific Identity Secure Element Global. Platform Messaging Interfaces Loyalty Transit Access TSM The trusted service manager (TSM) enables service providers to distribute and manage their contactless applications remotely by allowing access to the secure element in NFC-enabled handsets. MNO AFSCM MNO Specific DMSR Global. Platform Messaging Controlling Authority Global. Platform Messaging Enlarge

Home Back Exit Overview Core Payments Tags & Accessories Identity NFC is used for smartphones and similar devices to establish wireless radio communication with each other by touching them together or bringing them into close proximity. Tags er /W rit r de a Re Present applications include contactless transactions, data exchange, and simplified setup of more complex communications. P 2 P Mobile Device Tag reading/writing Pairi ng Loyalty Peer to Peer Mobile Device Transit Pairing Access … Accessory

Home Back Overview Core Tag reading/writing Payments In reader/writer mode, the NFC device is capable of reading NFC Forum tag types, such as a tag embedded in an NFC smart poster. Tags & Accessories Exit Overview er Re Peer to Peer Mobile Device Pairing Access … rit W r/ e ad The reader/writer mode on the RF interface is compliant with the ISO/IEC 14443 and Feli. Ca schemes. Transit Standards Tags Identity Loyalty Stack

Home Back Overview Exit Overview Stack Standards Tag Read/Write Technology Stack Core Tag reading/writing Payments In reader/writer mode, the NFC device is capable of reading NFC Forum tag types, such as a tag embedded in an NFC smart poster. Tags & Accessories The reader/writer mode on the RF interface is compliant with the ISO/IEC 14443 and Feli. Ca schemes. . Application NDEF Messages Protocol Tag Type Specification Protocol NFC Digital Protocol Identity NFC Activity Specification Mode Loyalty RTD ISO/IEC 21481 Peer to Peer ISO/IEC 18092 Transit Pairing Access … Enlarge ISO/IEC 14443 ISO/IEC 15693

Home Back Overview Core Tag reading/writing Payments In reader/writer mode, the NFC device is capable of reading NFC Forum tag types, such as a tag embedded in an NFC smart poster. Stack Standards NFC Data Exchange Format (NDEF) [99] NFC Forum Tag Operation [100], [101], [102], [103] NFC Forum NFC Record Type Definition (RTD) [104], [105], [106], [107], [108], [109] NFC Digital Protocol [112] The reader/writer mode on the RF interface is compliant with the ISO/IEC 14443 and Feli. Ca schemes. Identity Loyalty Overview Tag Reader/Writer Tags & Accessories Exit NFC Activity [113] ISO/IEC 14443 [91], [92], [93], [94] Peer to Peer ISO/IEC 18092 [95] ISO/IEC 21481 [97] Transit Pairing Access … Enlarge

Home Back Overview Core Tag reading/writing Payments Peer to Peer Tags & Accessories Identity Loyalty Overview In peer-to-peer mode, two NFC devices can exchange data. Essentially any NFC application that involves bidirectional communication will be working in peer-to-peer mode. In this mode both devices can exchange data, such as virtual business cards or digital photos. Android Beam is an implementation that works in this NFC mode. Transit Pairing Access … Exit Stack Standards P 2 P Mobile Device

Home Back Overview Core Exit Overview Stack Standards Tag reading/writing Peer to Peer . . . Payments Tags & Accessories Identity Loyalty Peer to Peer In peer-to-peer mode, two NFC devices can exchange data. Essentially any NFC application that involves bidirectional communication will be working in peer-to-peer mode. In this mode both devices can exchange data, such as virtual business cards or digital photos. Android Beam is an implementation that works in this NFC mode. Transit Pairing Access … Messages SNEP Protocol LLCP Technology Stack NFC Digital Protocol NFC Activity Specification Mode ISO/IEC 21481 ISO/IEC 18092 Enlarge ISO/IEC 14443 ISO/IEC 15693

Home Back Overview Core Exit Overview Stack Standards NFC Data Exchange Format (NDEF) [99] Tag reading/writing NFC Simple NDEF Exchange Protocol (SNEP) [114] Tags & Accessories Identity Loyalty Peer to Peer In peer-to-peer mode, two NFC devices can exchange data. Essentially any NFC application that involves bidirectional communication will be working in peer-to-peer mode. In this mode both devices can exchange data, such as virtual business cards or digital photos. Android Beam is an implementation that works in this NFC mode. NFC Forum NFC Logical Link Control Protocol (LLCP) [111] NFC Digital Protocol [112] Peer to Peer Payments NFC Activity [113] ISO/IEC 14443 [91], [92], [93], [94] ISO/IEC 18092 [95] ISO/IEC 21481 [97] Transit Pairing Access … Enlarge

Home Back Overview Core Tag reading/writing Payments Peer to Peer Tags & Accessories Pairing Identity Loyalty Transit Access The connection handover mechanism is defined by the NFC Forum as the “sequence of interactions that enable two NFC-enabled devices to establish a connection using other wireless communication technologies. ” Connection handover combines the simple, one-touch set-up of NFC with high-speed communication technologies, such as Wi. Fi or Bluetooth. … Overview Exit Standards Pairi ng Mobile Device Accessory

Home Back Overview Core Tag reading/writing Payments Peer to Peer Exit Standards NFC Forum Connection Handover [110] NFC Forum Identity Loyalty Transit Bluetooth Secure Simple Pairing Using NFC [116] Pairing The connection handover mechanism is defined by the NFC Forum as the “sequence of interactions that enable two NFC-enabled devices to establish a connection using other wireless communication technologies. ” Connection handover combines the simple, one-touch set-up of NFC with high-speed communication technologies, such as Wi. Fi or Bluetooth. Pairing Tags & Accessories Tag Reader / Writer NFC Mode Peer to Peer NFC Pairing Modes: Negotiated Handover (between two devices, using P 2 P mode) and Static Handover (between a device and an NFC Forum NDEF Tag) Enlarge Access …

Home Back Overview Core Payments Tags & Accessories Identity Loyalty Transit NFC-enabled smartphones can support standards-based identity applications, including authentication and verification, with a familiar form factor that is accepted and widely used in everyday life. NFC technology, coupled with the powerful CPU, display, battery, memory and communications available in today’s smartphone, facilitate strong identity and attribute management. With the inclusion of a PIN and biometrics (e. g. , photo, face, iris, fingerprint, voice) for multifactor authentication and with support for PKI, locationawareness and out-of-band connectivity, strong, flexible and convenient identity attestation can be achieved. Exit Overview Standards NFC Mobile Device as an Identity Credential = Example Use Cases • Physical Access to Facilities • Logical Access • Healthcare Record Access • Border Crossing Enlarge Access NFC Mobile Device as an Identity Credential Reader Example Use Cases • Emergency Responder Scene Access • Medical Services • Campus Identification

Home Back Overview Payments Tags & Accessories Identity Loyalty Transit NFC-enabled smartphones can support ISO/IEC 14443 based identity applications, including authentication and verification, with a familiar form factor that is accepted and widely used in everyday life. NFC technology, coupled with the powerful CPU, display, battery, memory and communications available in today’s smartphone, facilitate strong identity and attribute management. Standards ISO Identity Core Exit Identity Card Application Proprietary Identity Reader Applicaion With the inclusion of a PIN and biometrics (e. g. , photo, face, iris, fingerprint, voice) for multifactor authentication and with support for PKI, locationawareness and out-of-band connectivity, strong, flexible and convenient identity attestation can be achieved. Enlarge Access 14443

Home Back Exit Overview Core Payments Tags & Accessories Loyalty programs are structured marketing efforts that reward and therefore encourage loyal buying behavior. Loyalty cards are used to track repeat transactions of a cardholder, so the card issuer can provide rewards for repeat business. Point of Interaction Mobile Handset Magnetic stripe, QR/barcodes and ID numbers are traditionally used to identify a customer. NFC will be adding another form factor to the group. Identity Point of Interaction Loyalty Handset Proprietary Backend System Transit … Access … Enlarge Secure Element

Home Back Exit Overview Payments Tags & Accessories Identity The payment terminal needs to be modified in order to accept a contactless transaction with loyalty (identity) information. The loyalty application is designed to capture the loyalty data and forward it to the cash register and/or backend system. As shown in the diagram the specifications are proprietary and the logic is separated from the payment functionality. Loyalty Handset Transit … Access … Isolated from Payment Kernels To Prevent Re-certification Point of Interaction PCI PTS / PCI P 2 PE Architeture and General Requirements – Book A Core Point of Interaction Kernel Book C-1 Book C-2 Kernel Book C-3 Book C-4 Entry Point Specification - Book B Contactless Communication Protocol Specification Book D Enlarge Proprietary Loyalty Application Kernel Proprietary Specifications (Separated from Payment Hardware)

Home Back Exit Overview Core Point of Interaction Loyalty Credentials OS / Baseband Payments Tags & Accessories Identity Loyalty User Interface Handset Besides a secure application in the payment terminal, a loyalty application is required on the handset. This functionality can reside as an applet in the secure element or as an application in the operating system. The Trusted Execution Environment (TEE) is another location where the loyalty credentials can be securely stored. Transit … Access … Secure Element In Standalone App or in TEE Loyalty App Loyalty Credentials In Secure Memory CLF Enlarge

Home Back Exit Overview Core Payments Tags & Accessories The transit section will provide an overview of standards involving automated fare collection. Many different transit implementations are found globally. Because transit schemes are often closed loop, they provide the ability to be more fit for purpose and tailored to local needs. However, in areas with multiple public transit operators, more standardization is required, to provide a better customer experience. Identity Fare Medium Loyalty Infrastructure Schemes Infrastructure Fare Medium Transit Schemes Access Payment Acceptance Device

Home Back Overview Core Payments Exit Overview Stack Standards Fare Medium The fare medium is a mobile representation of the physical transit ticket. OS / Baseband User Interface Tags & Accessories Secure Element Secure Application Identity Proprietary Chip Required for MIFARE Loyalty Infrastructure Transit Schemes Access Payment CLF Enlarge Proprietary Chip

Home Back Overview Core Payments Exit Stack Fare Medium Standards MIFARE 4 Mobile The fare medium is a mobile representation of the physical transit ticket. MIFARE Ultralight MIFARE Mini MIFARE Plus Applicative Protocol Tags & Accessories Smart. MX Calypso Feli. Ca ISO/IEC 14443 Variant ‘B’ JIS X 6319 -4 ISO/IEC 7816 -4 Protocol ISO/IEC 14443 A-4 Initialization Anticollision ISO/IEC 14443 A-2 ISO/IEC 14443 B -2 ISO/IEC 18092 = JIS X 6319 = NFCIP 1 ISO 14443 A-1 ISO 14443 B-1 ISO 18092 Type B Type F ISO/IEC 14443 A-3 Identity Loyalty MIFARE DESFire Infrastructure Physical Type A Transit Schemes Access Payment Enlarge

Home Overview Core Payments Exit Overview Stack Fare Medium Standards Classic Proprietary The fare medium is a mobile representation of the physical transit ticket. DESFire MIFARE Ultralight Smart. MX Tags & Accessories Card Plus Identity Loyalty Infrastructure Transit Schemes Access Payment = deprecated Enlarge Calypso Feli. Ca ISO/IEC 14443 ISO/IEC 7816 – 4 JIS X 6319 ISO/IEC 18092 MIFARE 4 Mobile Back

Home Back Overview Core Exit Overview OSPT CIPURSE Fare Medium US Standard Payments Tags & Accessories Identity Loyalty Infrastructure The international standards contain standards on a business level which specify how ticketing should be arranged on a organizational level and provide standards that define the data elements for the cards and point of interaction. Some national specifications have adopted these international standards and added requirements to customize them to local needs. Transit Schemes Access Payment Implementation (Easy Card) Specification CFMS EU Standards Multiple Implementations ITSO VDV-KA Calypso SDOA EN 1545 Standard ISO/IEC 24014 Standard Defines Data Elements Integrated Ticketing On Organizational Level CFMS: ITSO: VDV-KA: SDOA: Enlarge Contactless Fare Media Systems Intergrated Transport Smartcard Organisation Verband Deutscher Verkehrsunternehmen Specification Document Open Architecture

Home Back Exit Overview Around 300 e-ticketing schemes worldwide Core Fare Medium Payments Infrastructure Tags & Accessories Schemes Identity Loyalty Internationally there are many different e-ticketing schemes. It is out of scope of this presentation to discuss each scheme individually. This slide shows a selection of examples of the various transit schemes in the world. Transit Enlarge Access Payment

Home Back Exit Core Fare Medium Payments Payment Tags & Accessories Schemes Identity Payment Loyalty Card Overview Visa Smart Secure Storage (VS 3) Master. Card M/Chip Advanced (MOTS) Closed Loop Payment Schemes (Proprietary) Specific payment products have designed their products to store additional data to add e-ticketing functionalities such as: check in, check out, time, and travel credit. Transit Enlarge Access Visa

Home Back Exit Overview Core Payments Tags & Accessories This access section provides an overview of the relevant standards for contactless access control mechanisms. Access protocols need to be quick, therefore implementations are often built upon the same standards that are used in transit. Identity Mobile /Card Centric Loyalty Back Office Centric Transit … Access … Mobile/Card Centric Back Office Centric

Home Back Overview Core Payments Tags & Accessories Identity Loyalty Exit Overview Standards Mobile /Card Centric Card centric access control has been standardized in the U. S. Government under FIPS 201 (PIV), or mainly uses proprietary de-facto specifications such as i. CLASS and MIFARE. These specifications are being ported to mobile and build upon the known contactless standards. Back Office Centric Contactless / NFC Readers/Terminals Wall Desktop Contactless Card Handset (Card Emulation) Physical Access Logical Access Transit … Access … Enlarge

Home Back Overview Payments Tags & Accessories Identity Overview Standards Mobile /Card Centric Card centric access control has been standardized in the U. S. Government under FIPS 201 (PIV), or mainly uses proprietary de-facto specifications such as i. CLASS and MIFARE. These specifications are being ported to mobile and build upon the known contactless standards. MIFARE Family Proprietary Card Core Exit Feli. Ca Open Loyalty Back Office Centric Transit … Access … i. CLASS Enlarge ISO/IEC 14443

Home Back Overview Core Payments Tags & Accessories Identity Exit Overview Standards Mobile /Card Centric Back Office Centric Back office centric access control uses the NFC-enabled smartphone in card emulation mode. Back-end systems are used to enable the access control decision. The card-to-reader interaction builds upon the known contactless standards. CA Service PACS Server OSCP SCVP PACS Controller Loyalty Electronic Lock Transit … Access … Enlarge NFC Reader Smartphone in Card Emulation Mode Identity Server

Home Back Overview Core Exit Overview Standards MIFARE Family Mobile /Card Centric Proprietary Tags & Accessories Identity Back Office Centric Back office centric access control uses the NFC-enabled smartphone in card emulation mode. Back-end systems are used to enable the access control decision. The card-to-reader interaction builds upon the known contactless standards. Feli. Ca ISO/IEC 14443 Card Payments ISO/IEC 7816 FIPS 140 NFC Forum Loyalty NIST SP 800 -73 Transit … Access … i. CLASS Enlarge NFC Record Type Specification

Back Home Underwriters Laboratories Innovations in transactions have created new challenges related to interoperability, reliability and efficiency. Consumers, merchants, third-party processors, wireless carriers and financial institutions all play a role. With so many audiences involved, the risk of confusion increases should something go wrong with a transaction. Across a number of companies and governments, UL is helping organizations stay ahead of the game. Specifically, New Science is driving a better understanding of the benefits and challenges associated with new transaction technologies. UL facilitates the deployment of secure infrastructures built on these technologies, and enables the new technologies to be standardized and certified to operate optimally, while helping protect stakeholders from identity theft, malware, fraud, hacks and other cyber criminal activities. UL Transaction Security is advancing into new and important areas to better enable safe, efficient and seamless delivery. For mobile payments and chip and PIN technologies, UL is innovating new techniques and tests to provide greater reliability, security and interoperability. We also continuously develop aggressive attack approaches, utilizing advanced statistical analyses on cryptographic algorithms — understanding how to get past security allows us to identify effective countermeasures and to stay ahead of the hackers. “We Use our expertise to help secure card payments, enable card transactions on mobile handsets, handle mobile payments and deal with transit schemes. We know how to design these needed systems to help clients move into a new, more secure electronic era. ” Exit

Home Back Exit Smart Card Alliance About the Smart Card Alliance The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. The Alliance invests heavily in education on the appropriate uses of technology for identification, payment and other applications and strongly advocates the use of smart card technology in a way that protects privacy and enhances data security and integrity. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart card technology, leading industry discussion on the impact and value of smart cards in the U. S. and Latin America. Smart Card Alliance Mobile and NFC Council Member Contributors Lucia D’Acunto, Collis / UL Rene Bastien, Secure. Key Technologies Brent Bowen, INSIDE Secure Peter Cattaneo, Intercede Javed Chaudry, Vi. VOtech David de. Kozan, Cubic Michael English, Heartland Payment Systems Guillaume Grincourt, CPI Card Group Shishir Gupta, NFC Forum / Kovio Peter Ho, Wells Fargo Philip Hoyer, HID Global Liz Jackson, American Express Grace Jung, Interac Deana Karhuniemi, Chase Card Services Josh Kessler, Master. Card Worldwide Sanne Ketelaar, Collis / UL Werner Koele, Infineon Technologies Peter Lee, Cor. Fire Gurpreet Manes, Safe. Net Cathy Medich, Smart Card Alliance Jeff Neafsey, IRCO Beth Odom, TSYS Akif Qazi, Discover Financial Services Peter Quadagno, Quadagno & Associates Sanjiv Rawat, Giesecke & Devrient JC Raynon, Veri. Fone Systems Kenny Reed, Datawatch Systems Steve Rogers, IQ Devices Tony Sabetti, Isis Gerry Schoenecker, Ingenico Didier Serra, INSIDE Secure Deb Spitler, HID Global Chandra Srivastava, Visa Inc. Brian Stein, Accenture Lars Suneborn, Identive Sridher Swaminathan, First Data Corp. Joe Tassone, Identive Bart van Hoek, Collis / UL Erick Wong, Visa Inc. Greg Wong, American Express Mike Zercher, NXP Semiconductors Rob Zivney, ID Technology Partners

Back Home Exit Bof. A “Card-becomes-app” Provisioning ING MRT AJAX

Home Back Trusted Service Manager Exit Mobile Network Operator OS / Baseband Service Provider Secure Element User Interface Secure Application CLF Over the Air

Home Back Exit Trusted Service Manager OS / Baseband Service Provider Secure Element User Interface Secure Application CLF Over the Internet

Home Back Exit Service Provider OS / Baseband Trusted Service Manager Secure Element User Interface Secure Application CLF PC/SC Reader Over the Wire

Home Back Exit Trusted Service Manager OS / Baseband Secure Element User Interface Secure Application Physical CLF

Back Home micro. SD A modified micro. SD card with additional secure memory and possibly NFC UICC A general purpose SIM card with additional secure memory Embedded SE A secure memory chip directly soldered to the motherboard Secure Element - Overview Exit

Home Back Exit Application Security Domain Global. Platform API OPEN and Global. Platform Trusted Framework Runtime Environment (Java Card / MULTOS) Secure Element - Diagram RTE API Proprietary Specifications

Home Back SWP /HCI Interface Exit ETSI / GCF / PTCRB SWP / HCI MIFARE 4 Mobile UICC Card Specification Global. Platform UICC Configuration UICC Contactless Configuration ISO/IEC 7816 Interface ETSI / GCF / PTCRB Secure Element - Standards BIP for UDP / TCP SCP 80 / SCP 81

Home Back Exit OS / Baseband Open. Mobile API SEEK is an implementation on Android User Interface SE Access Control Secure Element SE Access Control GPAC or GAAC standard Secure Application CLF SE Access Control - Overview

Home SE Access Control Back Exit SIM Alliance Open. Mobile API Global. Platform Secure Element Access Control RSA Laboratories PKCS #15 SE Access Control - Standards

Back Home Exit OS / Baseband Secure Element User Interface Secure Application CLF User Interface - Overview

Home Back Exit Wallet Provider Service Provider Functional Requirements Pay. Pass UI Application Requirements Master. Card Wallet Design Guide and Brand Standards Visa Expresspay Mobile Wallet Interface Guide American Express Discover EMVCo Application Activation User Interface (AAUI) User Interface - Standards

Home Back Contact Acceptance Device (POS) Contactless Mobile Acceptance device - Overview Exit

Home Back Exit Architeture and General Requirements – Book A PCI PTS / PCI P 2 PE Legend: EMVCo Kernel Book C-1 Kernel Book C-2 Kernel Book C-3 Kernel Book C-4 Entry Point Specification - Book B Contactless Communication Protocol Specification Book D PCI Proprietary Acceptance device - Diagram Proprietary Specifications

Home Back Exit Book A – Architectual requirements C 1 – Kernel JCB Book B – Entry Point Specification EMVCo C 2 – Kernel Master. Card Book C – Kernel C 3 – Kernel Visa Acceptance Device Book D – Contactless Communication Protocol C 4 – Kernel American Express PIN Security Requirements PCI PTS Point of Interaction Modular Security Requirements PCI P 2 PE Hardware Solution Requirements and Testing Procedures Proprietary Acceptance device - Standards

Home Back Exit EMV Contactless L 1 – Book A EMVCo EMV Contactless L 1 – Book D NFC Interface Visa Cross Test – Visa Internal Master. Card Perf. / Comb. / Interf. Discover Handset American Express Tag Reading & Writing NFC Forum Peer-to-Peer Security Related Global. Platform Trusted Execution Environment Global. Platform SE Access Control SWP / HCI UICC Interface ETSI / GCF / PTCRB BIP for UDP / TCP SIM Alliance Mobile Handset Open. Mobile API

Home Back OS / Baseband Secure Element User Interface Secure Application CLF Mobile Handset - Overview Exit

Home Back Exit EMV Contactless L 1 – Book A EMVCo Handset NFC Interface EMV Contactless L 1 – Book D Visa Cross test – Visa Internal Master. Card Perf. / Comb. / Interf. Discover American Express NFC Forum Security Related UICC Interface Tag Reading & Writing Peer-to-Peer Global. Platform TEE Global. Platform SE Access Control ETSI / GCF / PTCRB SWP / HCI BIP for UDP / TCP SIM Alliance Open Mobile API Mobile Handset - Standards

Home Back Exit SECM (CRS App) EMVCo PPSE UICC General SWP /HCI Interface Master. Card Perf. & Application Testing Visa Requirements for SEs ETSI / GCF / PTCRB SWP / HCI MIFARE 4 Mobile Card Spec 2. 2. 1 + UICC Config Global. Platform UICC Contactless Config. SE Access Control ISO/IEC 7816 Interface ETSI / GCF / PTCRB Secure Element - Functional BIP for UDP / TCP SCP 80 / SCP 81

Home Back Exit Master. Card (CAST) Visa (VCSP) Secure Element Chip (IC) EMVCo IC Evaluation JCB / American Express / Discover Common Criteria BSI PP 0035 Master. Card (CAST) Platform (IC + OS) Visa (VCSP) EMVCo Platform Evaluation JCB / American Express / Discover ANSSI PP 2009/02 Common Criteria PU-2009 -RT-79 (UICCs) PP 1003 (Other SE Types) Secure Element - Security

Home Back Exit Trusted Service Manager Service Provider Interfaces Service Delivery OTA Interfaces SMS KMS HSM Application Lifecycle Management Subscriber Management Work Flow Management BIP CAT-TP HTTP(S) Operations Management Analysis, Reporting & statistics CAMS PAMS Billing Services Customer Care Trusted Service Manager MNO Backend Interfaces Secure Core

Home Back Exit Mobile Master. Card Pay. Pass TSM Functional Requirements Master. Card Logical Security Requirements for Card Personalizations Bureaus Security Requirements for Mobile Payment Provisioning Generic Visa - American Expresspay Mobile TSM Security Requirements Discover TSM – Functional and Security Requirements TSM Backend Discover DFS TSM Qualification Process Service Provider AFSCM Service Provider Specific Global. Platform Messaging Interfaces MNO AFSCM MNO Specific DMSR Global. Platform Messaging Controlling Authority Global. Platform Messaging Trusted Service Manager

Home Back Exit Tag Read/Write Technology Stack Application Messages . . . NDEF RTD Protocol Tag Type Specification Protocol NFC Digital Protocol NFC Activity Specification Mode ISO/IEC 21481 ISO/IEC 18092 ISO/IEC 14443 Tag reading / writing ISO/IEC 15693

Home Back Exit NFC Data Exchange Format (NDEF) [99] NFC Forum Tag Operation [100], [101], [102], [103] NFC Forum NFC Record Type Definition (RTD) [104], [105], [106], [107], [108], [109] Tag Reader/Writer NFC Digital Protocol [112] NFC Activity [113] ISO/IEC 14443 [91], [92], [93], [94] ISO/IEC 18092 [95] ISO/IEC 21481 [97] Tag reading / writing

Home Back Peer to Peer . . . Messages SNEP Protocol LLCP Protocol Exit Technology Stack NFC Digital Protocol NFC Activity Specification Mode ISO/IEC 21481 ISO/IEC 18092 ISO/IEC 14443 Peer to Peer ISO/IEC 15693

Home Back Exit NFC Data Exchange Format (NDEF) [99] NFC Simple NDEF Exchange Protocol (SNEP) [114] NFC Forum NFC Logical Link Control Protocol (LLCP) [111] Peer to Peer NFC Digital Protocol [112] NFC Activity [113] ISO/IEC 14443 [91], [92], [93], [94] ISO/IEC 18092 [95] ISO/IEC 21481 [97] Peer to Peer

Home Back Exit NFC Forum Connection Handover [110] NFC Forum Pairing Bluetooth Secure Simple Pairing Using NFC [116] Tag Reader / Writer NFC Mode Peer to Peer NFC Pairing Modes: Negotiated Handover (between two devices, using P 2 P mode) and Static Handover (between a device and an NFC Forum NDEF Tag) Peer to Peer

Home Back Exit NFC Mobile Device as an Identity Credential Reader NFC Mobile Device as an Identity Credential = Example Use Cases • Emergency Responder Scene Access • Medical Services • Campus Identification Example Use Cases • Physical Access to Facilities • Logical Access • Healthcare Record Access • Border Crossing Identity

Home Back 14443 Identity ISO Exit Identity Card Application Proprietary Identity Reader Applicaion Identity

Home Back Exit Mobile Handset Point of Interaction Proprietary Backend System Secure Element Loyalty

Home Back Exit Isolated from Payment Kernels To Prevent Re-certification Point of Interaction Architeture and General Requirements – Book A PCI PTS / PCI P 2 PE Kernel Book C-1 Kernel Book C-2 Kernel Book C-3 Proprietary Loyalty Application Kernel Book C-4 Entry Point Specification - Book B Contactless Communication Protocol Specification Book D Loyalty - Point of Interaction Proprietary Specifications (Separated from Payment Hardware)

Home Back Exit Loyalty Credentials OS / Baseband Secure Element In Standalone App or in TEE User Interface Loyalty App Loyalty Credentials In Secure Memory CLF Loyalty - Handset

Home Back OS / Baseband Secure Element Exit User Interface Secure Application Proprietary Chip Required for MIFARE CLF Proprietary Chip Transit – Fare Medium

Home Back Exit MIFARE 4 Mobile MIFARE Ultralight MIFARE Mini MIFARE Plus MIFARE DESFire Applicative Protocol ISO/IEC 14443 A-4 Feli. Ca ISO/IEC 14443 Variant “B’ JIS X 6319 -4 ISO/IEC 14443 A-3 ISO/IEC 14443 A-2 Physical Calypso ISO/IEC 7816 -4 Protocol Initialization Anticollision Smart MX ISO/IEC 14443 B-2 ISO/IEC 18092 = JIS X 6319 = NFCIP 1 ISO/IEC 14443 A-1 ISO/IEC 14443 B-1 ISO/IEC 18092 Type A Type B Type F Transit – Fare Medium

Home Back Exit Classic DESFire MIFARE Ultralight Smart. MX Card Plus Calypso Feli. Ca ISO/IEC 14443 ISO/IEC 7816 – 4 JIS X 6319 ISO/IEC 18092 = deprecated Transit – Fare Medium MIFARE 4 Mobile Proprietary

Home Back Exit OSPT CIPURSE US Standard Implementation (Easy Card) CFMS EU Standards Multiple Implementations ITSO VDV-KA Calypso Specification SDOA EN 1545 Standard ISO/IEC 24014 Standard Defines Data Elements Integrated Ticketing On Organizational Level CFMS: ITSO: VDV-KA: SDOA: Transit – Infrastructure Contactless Fare Media Systems Intergrated Transport Smartcard Organisation Verband Deutscher Verkehrsunternehmen Specification Document Open Architecture

Home Back Exit CFMS Architecture Regional Central System Part V – Compliance Certification and Testing Standard Part IV – System Security Planning and Implementation Guidelines Part I – Introduction and Overview Part III – Regional Central System Interface Standard Agent Central System Concentrator Card Interface Device PICC Transit – Infrastructure Part II – Contactless Fare Media Data Format and Interface Standard.

Back Home Around 300 e-ticketing schemes worldwide Transit – Schemes Exit

Home Card Back Exit Visa Smart Secure Storage (VS 3) Master. Card M/Chip Advanced (MOTS) Closed Loop Payment Schemes (Proprietary) Transit – Schemes

Back Home Exit Contactless / NFC Readers / Terminals Wall Reader Desktop Contactless Card Handset (Card Emulation) Physical Access Logical Access Control

Home Back Exit MIFARE Family Card Proprietary i. CLASS Feli. Ca Open Access Control ISO/IEC 14443

Home Back Exit CA Service OSCP SCVP PACS Server PACS Controller Electronic Lock NFC Reader Smartphone in Card Emulation Mode Access Control Identity Server

Home Back Exit MIFARE Family Proprietary i. CLASS Feli. Ca Card ISO/IEC 14443 ISO/IEC 7816 FIPS 140 NFC Forum NIST SP 800 -73 Access Control NFC Record Type Specification