HCE comprehensive analysis: features, security and business future

On October 31, 2013, Google released the latest Android 4.4 operating system, which included a new NFC feature: HCE (Host Card Emulation). It offers a possible way to build tap-to-pay ("brush phone") applications on ordinary UIM cards and general-purpose devices. This article draws on a variety of sources to analyze the impact of HCE technology from three angles: the HCE scheme itself, its security, and its business implications.

If you have questions about some of the basic concepts covered in this article, please see another article in this issue, "Small Banknote Classroom."

Characteristics of the HCE program

The HCE solution has the following features and benefits:

Compatibility

Fully compatible with ordinary UIM cards and NFC-capable Android phones (both NFC custom machines and standard models); the only requirement is that the system runs Android 4.4 or above;

Compatible with the existing transaction processing flow: from communication frequency to transaction flow, transaction instruction flow and transaction result feedback, the tap-to-pay ("brush phone") transaction process under the HCE scheme is exactly the same as under the NFC-SE scheme and as that of standard contactless cards, and the user experience is exactly the same;

Compatible with existing terminal devices, which can support tap-to-pay ("brush phone") transactions directly without any technical development. For terminal devices in a purely offline environment, it may be necessary to add corresponding blacklist judgment rules for security reasons, but this does not involve developing or adjusting processes.

Expandability

Because HCE implements card emulation through an application (app) on the smartphone, it naturally comes with a mobile app platform, which can provide cardholders with more supporting service functions and bring issuers more possibilities for business expansion. Application publishing and application push can be completed conveniently through a simple app update.

More comparisons between HCE and SE solutions are as follows:

HCE technology security

HCE technology only implements the HCE service, which passes data from the NFC card reader to the operating system and returns reply data to the NFC card reader. It does not itself implement the processing of that data or the storage of sensitive information, so in the end HCE is a protocol and implementation that emulates the communication between NFC and an SE. HCE does not implement an SE. It only emulates the NFC-to-SE communication, so that the NFC reader behaves as if an SE were behind it, completing the security guarantee of the NFC service in a virtual SE mode. Since there is no SE, what does HCE use in its place? The solution is either emulation in local software or emulation on a cloud server.
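The routing role described above, as an added Python model (not code from the original article or from Android). The method name mirrors Android's `HostApduService.processCommandApdu`; `DEMO_AID`, the `backend` callable and the choice of status words for each error are assumptions made for illustration.

```python
from dataclasses import dataclass

# ISO 7816-4 status words returned to the reader
SW_OK = bytes.fromhex("9000")
SW_WRONG_LENGTH = bytes.fromhex("6700")
SW_CONDITIONS_NOT_SATISFIED = bytes.fromhex("6985")
SW_FILE_NOT_FOUND = bytes.fromhex("6A82")
SW_INS_NOT_SUPPORTED = bytes.fromhex("6D00")

DEMO_AID = bytes.fromhex("F0010203040506")  # constructed AID (assumption)

@dataclass
class CommandApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes

def parse_apdu(raw: bytes) -> CommandApdu:
    """Parse a short-form command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    if len(raw) < 4:
        raise ValueError("header must be 4 bytes")
    body, data = raw[4:], b""
    if len(body) > 1:  # more than a lone Le byte, so Lc and data are present
        lc = body[0]
        data = body[1:1 + lc]
        if lc == 0 or len(data) != lc or len(body) - 1 - lc > 1:
            raise ValueError("Lc does not match the body")
    return CommandApdu(raw[0], raw[1], raw[2], raw[3], data)

class HceService:
    """Routes reader APDUs to a backend; stores no credentials itself."""

    def __init__(self, backend):
        self.backend = backend  # host software, cloud SE, TEE or hardware SE
        self.selected = False

    def process_command_apdu(self, raw: bytes) -> bytes:
        try:
            apdu = parse_apdu(raw)
        except ValueError:
            return SW_WRONG_LENGTH
        if apdu.ins == 0xA4 and apdu.p1 == 0x04:  # SELECT by AID
            self.selected = apdu.data == DEMO_AID
            return SW_OK if self.selected else SW_FILE_NOT_FOUND
        if not self.selected:
            return SW_CONDITIONS_NOT_SATISFIED
        reply = self.backend(apdu)  # data processing happens outside HCE
        return SW_INS_NOT_SUPPORTED if reply is None else reply + SW_OK
```

Everything security-relevant sits behind `backend`: the service only parses, routes and frames replies, which is why the choice of where that backend runs decides the security of the whole scheme.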

For local software SE emulation, sensitive user information and transaction data are stored locally. The transaction process and data storage are managed by the operating system, which provides a basic security mechanism (for example, the operating system can run each program in a sandbox, which prevents an application from accessing other applications' data). But the security of the Android system is inherently poor, so this guarantee is very fragile. When an Android phone is rooted, the user gains the highest privilege on the system and can do essentially anything.

Compared to traditional SE-based NFC solutions, HCE technology may face the following risks:

1. The user can root the terminal, and the root user can obtain all the information stored in the application, including sensitive data such as payment credentials, which gives malware the opportunity to obtain sensitive information. Statistically, only a small proportion of Android terminals are rooted, but this still means terminals numbering in the millions.

2. Malware can root the operating system by itself. On earlier Android versions, some vulnerabilities allowed a lot of malware to gain root directly. Although the exposure from these vulnerabilities does not seem particularly large (for example, if users do not install Android software from unknown sources), it is still a problem to consider.

Known Android vulnerabilities are hard to remedy because of Android's lengthy update process: it takes a long time to bring most terminals on the market up to the latest system version. If a defect appears in a system version that supports HCE, it will likewise take a long time to fix on existing terminals.

3. If the mobile phone is lost or stolen, a malicious user can access the terminal's storage by rooting the terminal or by other means, and obtain the information stored in the application. This can lead to fatal problems: for example, the malicious user can use this sensitive data to carry out fake-card transactions.

It can be seen that the security guarantee provided by the Android system is very limited, and once the device is rooted, this mechanism disappears. The security of HCE can be improved in two ways: one is to provide a more secure location for storing sensitive information, and the other is to provide a more secure mechanism to protect the information at that location.

Storage location for sensitive information

Although the HCE service runs on the Android system, the SP can require sensitive information storage and processing to be placed in a more secure location. There are four locations to choose from, and they all have a different balance between security and usage costs.

Host

This is the simplest but least secure implementation: the storage and processing of data are placed directly in the application on the host. There is no additional protection beyond the very basic security mechanisms provided by the operating system. It is the easiest to implement, but it offers no protection on a rooted system.

Cloud SE

In this approach, the HCE service sends requests to the cloud over the mobile network, and the sensitive information is stored and processed on the cloud server. Security is higher than with processing and storage directly in the host application, but the mobile network now becomes critical. Network coverage and network latency can be a big problem, and the service cannot be used where there is no coverage or the signal is poor. A mobile payment transaction takes less than one second, and the cloud SE solution cannot guarantee this speed. In addition, the cloud SE has an authentication problem. If the credential that authenticates the device to the cloud SE is placed in the HCE service, the security of the cloud SE solution is greatly reduced. This can be solved by having the user authenticate (for example, by logging in), but the user experience is very poor. Alternatively, a separate hardware SE can handle authentication. At present, this solution is most suitable for mobile payment services with higher security.

Trusted Execution Environment (TEE)

A Trusted Execution Environment (TEE) is an execution environment that is independent of the operating system and is designed to provide security services. The TEE has its own independent software and hardware resources and provides a secure service interface. The storage and processing of sensitive user information are carried out in this environment. Because the TEE runs its own independent system, it is not affected when the main Android system is rooted. The security provided by a TEE is generally higher than that of a cloud SE, but it still falls short of the security provided by an SE because it lacks the SE's anti-tampering mechanism. The TEE solution is much like the traditional SE-based solution, so it is more complicated to implement, and the standard is not yet finalized.

UICC or embedded SE

This approach provides the highest level of security, with the storage and processing of sensitive information performed on a separate security module (SE). However, HCE then has no advantage over the traditional SE-based card emulation scheme, and it even increases the complexity of the implementation (the traditional method goes directly to the SE, whereas this one reaches the SE through the operating system).

Security mechanism

There are many ways to ensure the security of the application. In principle, these methods can be used in all four of the above scenarios to achieve a more secure HCE payment solution. Of course, using these mechanisms makes the product more complicated for the user and harder for the developer to implement. We must make a trade-off between security, user convenience, and cost to choose the right mechanism.

Regarding the security mechanism, there are several directions to consider: user authentication, transaction restrictions, Android system check, data encryption, and so on.
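A sketch of how three of these directions (user authentication, transaction restrictions and a system check) can be combined into one gate that runs before the wallet releases payment data. This is an added Python example, not code from the original article; every limit, field name and reason string is an assumption, and data encryption is out of scope here.

```python
import time
from dataclasses import dataclass

@dataclass
class Policy:                       # all limits are illustrative assumptions
    max_amount: int = 20000         # per-transaction cap, minor currency units
    max_offline_count: int = 5      # transactions allowed between online syncs
    max_offline_total: int = 50000  # cumulative amount between online syncs
    auth_window_s: int = 60         # how long a PIN/biometric unlock stays valid

@dataclass
class WalletState:
    last_user_auth: float = 0.0     # timestamp of the last successful unlock
    offline_count: int = 0
    offline_total: int = 0
    device_rooted: bool = False     # result of the app's own system check

def authorize(amount, state, policy, now=None):
    """Return (allowed, reasons). Counters change only when allowed."""
    now = time.time() if now is None else now
    reasons = []
    if state.device_rooted:
        reasons.append("system check failed")
    if now - state.last_user_auth > policy.auth_window_s:
        reasons.append("user authentication required")
    if amount <= 0 or amount > policy.max_amount:
        reasons.append("amount outside per-transaction limit")
    if state.offline_count + 1 > policy.max_offline_count:
        reasons.append("offline transaction count exhausted")
    if state.offline_total + amount > policy.max_offline_total:
        reasons.append("offline cumulative amount exhausted")
    if reasons:
        return False, reasons
    state.offline_count += 1
    state.offline_total += amount
    return True, []

def online_sync(state):
    """Reset counters once the issuer backend has seen the transactions."""
    state.offline_count = 0
    state.offline_total = 0
```

Because this gate runs inside the host application, it inherits the weakness already described for rooted devices; enforcing the same limits in the cloud SE, TEE or SE keeps them effective when the host is compromised.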

HCE's impact on the industrial chain

HCE will help shorten the NFC industry chain, help solve the NFC dilemma, and facilitate the rapid deployment of SP (Service Provider) services.

For traditional operators, card vendors and TSM providers, HCE is a challenge. They should speed up the transformation of their products and services, and adapt to and guide the development of new technologies.

For operators, before adopting HCE, detailed cost estimates must be made to determine whether the risk of adopting HCE technology is controllable or whether the possible losses are affordable. In addition, for open-loop payment service operators, the adoption of HCE must also coordinate the rights and responsibilities of all parties involved and design risk response strategies and rules. This is also a big challenge for operators.

For existing TSM platforms, HCE requires corresponding functional changes, so that the platform evolves from personalizing Applets on the SE to personalizing the HCE service.

For the SP, HCE helps speed up the deployment of NFC services and reduces the transaction cost of issuing cards, but these benefits must be weighed against security. HCE is important for SPs who are willing to trade some security for a larger market share, faster deployment, and lower investment. HCE may allow SPs to pay less attention to cooperation with SE issuers and more attention to the business that HCE itself makes possible.

For payment organizations, the responsibilities of each participant should be coordinated, risk management should be strengthened, and standards should be harmonized. The attitude of payment organizations toward HCE is also crucial for its promotion.

HCE outlook

HCE laid the foundation for the future of mobile payments and revived market interest in NFC mobile payments. HCE is built on an open architecture that enables general mobile payments and other NFC services, including customer loyalty programs, building access and transit passes, to be delivered without the use of secure elements. From the current point of view, NFC is undoubtedly the most effective technology for instantly connecting consumers' mobile phones with merchants' POS terminals for payment, as well as for other interactions such as loyalty-point activities. The emergence of HCE has opened a door for these non-financial-payment O2O businesses, providing secure emulation to a certain extent and solving the SE problem economically, which has greatly contributed to the vigorous development of the business.

As for mobile payment at the financial level, whether HCE can gain acceptance depends first on whether the card organizations can solve the security problems of local software and remote cloud SE, and second on whether the above-mentioned institutions and the government are willing to accept such a technical scheme. At present, individual operators and banks in China are trying HCE-like technology on a small scale, hoping to promote the development of mobile payment, but whether it can become a standard and reach scale will take time to tell.
