What is special about the NFC device (a cellphone) architecture is that besides chip and antenna (similar to any other RFID device) it also includes the Secure Element. This is a component that allows for security of NFC communication
There are three types of Secure Elements:
- SIM Card as a Secure Element
- Embedded Secure Element
- Alternative (Add-on) Secure Elements
The SIM card as a Secure Element
The SIM card is the preferred Secure Element by mobile operators operating networks based on the GSM standard. SIM Cards are issued and owned by the mobile operators and will put the mobile operator in a position, where they control, which NFC applications are being downloaded and used. Many mobile operators are working on a wallet, where they provide the NFC service to their subscribers and the NFC applications are installed on the SIM card.
There are a few appealing technical reasons for having the SIM as the Secured Element. Over The Air management of the SIM is standardized and is a proven technology being used by most mobile operators today. Portability is another interesting aspect; when the subscriber puts the SIM into a new NFC enabled phone the NFC applications follows. Many mobile operators have Automatic Device Detection solutions in place, where backend servers detect when the SIM is being put into a new device. The SIM also holds the mobile subscription and can always be reached by using the phone number of the subscription.
Embedded Secure Elements
The secure element can be integrated into the phone itself by the phone manufacturer as an Embedded Secure Element since it is a part of the phone. Many of the NFC chips come with an embedded Secure Element like the chips from NXP and Inside Secure. An interesting point with embedded Secure Elements is who will be the owner of the Secure Element.
Some handset manufacturers like Google and RIM are launching their own wallet, where they own and control the embedded Secure Element. Google has come up originally with Google Pay and dropped use of the NFC technology (perhaps due to the fact that it was owned and run by the manufacturers) but in 2015 Google acquired the IP of Softcard (carrier backed competitor) and integrated it into the Google Wallet as well as made an agreement with mobile operators (AT&T, T-Mobile US and Verizon) that they would bundle Google Wallet with their devices. The Google Wallet resulting from these agreements was renamed to Android Pay and is again utilizing NFC.
Alternative (add-on) form factors.
Over the last couple of years, we have seen multiple of different attempts to make existing mobile phones NFC enabled by adding an external device with included NFC chip, antenna and Secure Element. The most successful which has been used in many pilots and trials is the microSD card. Many mobile phones today have a microSD slot and by inserting a NFC enabled microSD, there would be millions of potential NFC users. Service providers like banks has performed many tests with microSDs and one of the benefits they see is that they can be the issuer and don’t have to depend on a mobile operator.
One of the technical challenges with NFC enabled microSDs is the RF performance which is dependent on where microSd slot is placed on the phone and how the back cover is constructed. A few new NFC mobile phones support having a microSD as the Secure Element and communicate to the microSD using Secure Wire Protocol (SWP) as with the SIM card.
In the next post we will explore the NFC security a little deeper. Stay tuned!