Last night, I was excitedly describing NFC technology to my friend after returning from the NFC Solution Summit 2013. She responded, “Oh. I watched Samsung’s commercial on TV. How could it be safe if you were to carry the phone in a crowd where anyone could tap into it?”
As a potential consumer, she brought up two good points: The first is that Samsung’s commercial effectively educates its audience about the technology. The second, however, is that security will be a key concern.
The NFC Solution Summit2013 conference (May 15 – 16) brought together nearly 400 attendees from banking industry, telecom operators, smart card and semi-conductor manufactures, technology solution providers, system integrators and mobile app developers. The conversation focused heavily on payment and security.
For example: Telecom operators have control over the secure element (SE) in the SIM card. The SE is composed of software and tamper-resistant hardware. It allows high levels of security. Therefore the operator’s business strategy could be to use the SE real estate in order to lead economic logic and charge premium prices because service is unmatchable. However, they would consequently have to build and maintain an infrastructure to control the access of the SE.
Sequent, a provider for Mobile Network Operator (MNO) Trusted Secure Manager (TSM), maintains that telecom operators can drive innovation in app development by allowing apps to use any and all credentials in the SE. This also makes economic sense for the operators, as the cost of infrastructure can therefore be shared by the app developers or end users.
At the same time, SE is available in multiple form factors such as Plastic SmartCard, eSE, Micro SD etc. The solution providers could choose these alternatives instead of using UICC (SIM). Validity suggested that the best way to manage risk on a mobile device is to create a strong tie between the user of the account and the device itself. This linkage can easily be attained by building Natural ID into the mobile device, thereby improving the security of transactions while simultaneously improving the user experience by minimizing data entry requirements.
The ecosystem also supports the development of the Trusted Execution Environment (TEE). The TEE is a secure area that resides in the main processor of a smart phone and provides end-to-end security for the safe executive of authorized software, known as ‘trusted applications’. TEE is a layer between Rich OS and SE.
The two-day conference was presented by the NFC Forum and the Smart Card Alliance Mobile. The NFC Forum welcomes participation from all organizations interested in helping to build the NFC market and ecosystem.
The Smart Card Alliance Mobile and NFC Council, in partnership with GlobalPlatform and the NFC Forum, hosted a series of four webinars on mobile and NFC security fundamentals. The webinar series provide an educational resource for mobile application developers and the mobile community on the choices for security implementations for NFC applications. Recordings from the webinars are available on the Smart Card Alliance website.