4. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.1 Why NFC Standard
➢Applications in all domains
➢Not only mobile payment!
➢Tourism, Marketing, Ticketing,
Healthcare, Office, Administration,
Leisure, Education, Industry,
Financial and rural inclusion…
➢E.g. IoT uses cases:
➢Data sharing
➢Data collection
➢Devices pairing
➢Smart cities
➢Smart home
➢Carsharing
➢Automation…
4
Toma Cristian, Cristian Ciurea
and Ion Ivan [CC BY 3.0
(https://creativecommons.org/l
icenses/by/3.0)]
5. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.1 Why NFC Standard
➢Smart home example:
✓Access control
✓Appliances' pairing and
setup
✓Triggering events
✓Activation/deactivation
automation according
the user’s preferences
✓Camera and sensors
data collection
✓Etc….
5
6. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.1 Why NFC Standard
➢Advantages:
✓Global standard widely deployed
✓Mobile and wearable
✓User friendly (easy to use)
✓Natural gesture
✓Respect of privacy
✓Economic (no battery required)
✓Fast connection
✓Compatible with existing architecture
✓Unlimited use cases…
6
8. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.2. From RFID to NFC
➢RFID passive tag
8
Antenna
Chip
(UID)
➢ Animals identification
➢ Products traceability
➢ Antitheft
➢ Electronic documents
➢ Chip cards
➢ …
The contactless smartcard is also a tag type!
9. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.2. From RFID to NFC
➢RFID active reader (polling device)
9
Image source:
https://commons.wikimedi
a.org/wiki/File:RFID-
Зураг.jpg
10. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.2. From RFID to NFC
➢Competing RFID-based standards
➢1999: Wi-Fi Alliance
➢1999: Bluetooth (initially proposed by Ericson)
➢2003: Zigbee Alliance (left by Philips semiconductors at the time)
➢2004: Near Field Communication (NFC) deployed into the
mobile Nokia 6131
➢2004: Bluetooth Low End Extension evolved into Bluetooth Low
Energy (2010) deployed in Apple iPhone 4S (2011)
10
11. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.2. From RFID to NFC
➢NFC won the battle of the smartphone
➢2004: ECMA-340 (NFCIP-1) 1st publication of the standard;
NFC Forum is founded by the inventors of NFC, Philips semiconductors
(now become NXP) and Sony joined by Nokia
➢2009: 1st specification of P2P active mode of NFC
➢2010: 1st NFC-enabled Android smartphone Nexus S by Google
2013: NFC is deployed in Windows phones
➢2015: NFC is deployed in Apple iPhones
➢ Today all recent smartphones are NFC-enable
11
12. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.2. From RFID to NFC
➢NFC devices inductive coupling: passive mode
12
The passive device is activated by the active device
13. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.2. From RFID to NFC
➢NFC devices inductive coupling: active mode (P2P)
13
Both devices are empowered;
a polling device initiates the
communication with the
listening device and both
devices can alternately
exchange data to the other in
the active P2P mode.
14. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.2. From RFID to NFC
➢Summary
➢NFC belongs to RFID family
➢NFC standard is managed by the NFC Forum (www.nfc-forum.org) founded by the inventors of
NFC in 2004
➢NFC is RF-based contactless communication in active and passive mode
➢An NFC empowered active device acts as a reader/encoder for NFC passive tags (without
battery): the inducted energy (electromagnetic field) is generated by the active device
➢The NFC chip can be uniquely identified by its unique identifier (UID)
➢The contactless smartcard is an NFC passive tag type
➢Two active NFC-enabled devices can also exchange data in P2P active mode
➢A mobile phone equipped with NFC becomes a P2P device and an NFC reader/encoder and
a contactless smartcard
14
16. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard
➢Standard vs proprietary?
➢Proprietary is a black box controlled by one stakeholder…
➢NFC ecosystem involves several stakeholders:
➢Chip manufacturers
➢Readers manufacturers
➢Mobile manufacturers…
➢Software and services providers (operating systems, drivers, middleware,
applications, etc.)
➢…
➢NEED FOR INTERFACES AND PROTOCOLS SPECIFICATION!
16
17. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard: RF technologies
17
18. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard: RF technologies
18
19. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard
19
Frequency: 13.56MHz (High Frequency)
OPEN Frequency (no licence required)
Range: Very short <10 cm
(<4 cm in practice)
Data rate: From 106 Kb/s to 848 Kb/s
(424Kb/s in NFCIP-1 standard)
Connection time: 0.1 second
(vs. 0.5 second for the infrared
1 second for the Bluetooth®)
20. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard
➢ISO/IEC 14443: Identification cards -- Contactless integrated circuit
cards -- Proximity cards
➢ISO/IEC 14443-1:2016 Part 1: Physical characteristics
➢ISO/IEC 14443-2:2016 Part 2: Radio frequency power and signal
interface
➢ISO/IEC 14443-3:2016 Part 3: Initialization and anticollision
➢ISO/IEC 14443-4:2016 Part 4: Transmission protocol
20
21. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard
21
Source Erik Hubers. Licensed under CC BY-SA 4.0
22. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard: Tag types
22
23. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard
23
24. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard: Analog signal and
digital transposition
24
➢The 3 types of RF interfaces (plus one since 2015)
➢NFC-A (e.g. NXP): Miller (polling) and Manchester (listening) coding used
with an amplitude modulation at 100% ASK (zero signal during breaks) at
106 Kbps
➢NFC-B (e.g. STMicroelectronics): NRZ coding with an amplitude
modulation at 10% ASK (polling, weak signal during breaks) and modulation
BPSK (listening) at 106Kbps
➢NFC-F (e.g. Sony FeliCa): Manchester coding with ASK amplitude
modulation at 212 or 424 Kbps
➢NFC-V (new tag type 5 for Vicinity cards): based on ISO/IEC 15693
specification (longer RF range)
25. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard: Analog signal and
digital transposition
25
➢Amplitude Shift Keying (ASK) modulation
The state transition is made by changing the amplitude of the
signal: The amplitude is decreased or zero.
26. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard: Analog signal and
digital transposition
26
➢Binary Phase Shift Keying (BPSK) modulation
At each state transition, the signal amplitude is inverted, creating
a phase jump.
27. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard: Analog signal and
digital transposition
27
➢Binary coding
28. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard: Analog signal and
digital transposition
28
➢Non Return to Zero (NRZ): A positive voltage represents the
data bit at "1", while a negative voltage represents the bit at "0".
➢Manchester (or biphase): Coding by transition (not by level); a
rising edge transition represents a data bit at "0". A transition on a
falling edge represents a bit at "1".
➢Miller: Manchester coding from which we remove a transition on
two: For "1", we insert a transition in the middle of the interval.
For "0", no transition unless the next bit is "0", then add a
transition at the end of the interval.
29. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard
29
Source: NFC Forum http://www.nfc-forum.org
30. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.3. NFC Standard: NFC Forum
30
Images source NFC Forum: http://www.nfc-forum.org
N-Mark of the NFC Forum
31. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)31
➢NFC Forum Technical Specifications (sample)
▪ NFC Logical Link Control Protocol (LLCP)
▪ NFC Controller Interface (NCI)
▪ NFC Data Exchange Format (NDEF)
▪ Type tag 1 – 2 – 3 – 4 – 5
▪ Record Type Definitions (RTDs) and four specific RTDs: Text, URI, Smart Poster, and
Generic Control
▪ Connection Handover (P2P pairing)
▪ Personal Health Device Communication
▪ …
1.3. NFC Standard: NFC Forum
32. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)32
➢NFC Data Exchange Format (NDEF)
▪ NDEF messages are exchanged over NFC
▪ NDEF message can be stored in an NFC passive tag
▪ NDEF message contains NDEF records
▪ NDEF records contain a Header and a Payload
1.3. NFC Standard: NFC Forum
33. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)33
➢NDEF message
7 MB (Message Begin) 1 = start of the message
6 ME (Message End) 1 = end of the message
5 CF (Chunk Flag) 1 = start of a parcelable record
4 SR (Short Record) 1 = record format type (normal or short)
3 IL (Id Length) 1 = record identifier lenght
2
TNF
(Type Name Format)
Data type (3 bytes)
0x00 = empty
0x01 = NFC Forum type
0x02 = Media Type (MIME) NOT NFC
Forum
0x03 = absolute URI
…
1
0
1.3. NFC Standard: NFC Forum
34. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)34
➢Type Name Format (TNF)
• Example of the URI type: ”U”
➢0x00 : no prefixe
➢0x01 : http://www.
➢0x02 : https://www.
➢0x03 : http://
➢0x04 : https://
➢0x05 : tel:
➢0x06 : mailto:
➢0x1D : file://
➢0x24...0xFF : futur use
Well known types managed by the NFC Forum
1.3. NFC Standard: NFC Forum
35. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Summary
▪ NFC is a global standard providing a generic interface for several proprietary
technologies,
▪ NFC operates on the unlicensed frequency of 13.56MHz with a very short
range <10cm and a low data rate but a fast connectivity,
▪ NFC is standardized by the ISO/IEC 14443 standard (proximity cards) which is
divided into 4 parts:
▪ Part 1: Physical characteristics,
▪ Part 2: Radio frequency power and signal interface,
▪ Part 3: Initialization and anticollision,
▪ Part 4: Transmission protocol.
▪ The NFC Forum manages 5 tag types based on 4 technologies NFC-A, NFC-B,
NFC-F and NFC-V and several technical specifications around NFC such as LLCP,
NCI, NDEF and RTD that define for instance the NFC communication interface
and protocol and the NFC message format and type.
35
1.3. NFC Standard
37. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
1.4. The 3 operating modes of NFC
standard
37
37
➢The Read/Write mode
An NFC active device reads any passive tag type of the NFC Forum
(compliant with ISO 14443 RF interface): use cases are similar to
barcodes or QR-codes, the tag UID and/or the tag content make the link
with the digital world.
➢The Peer-to-Peer (P2P) mode
Two NFC active devices can exchange data according ISO/IEC 18092
standard: picture, business card, URL, file… Or pairing information to
setup another connectivity such as the Wi-Fi or Bluetooth for instance.
➢The Card Emlulation mode
An NFC active device acts as a contactless smartcard reader while
another NFC device is or behaves like a contactless smartcard (passive
tag type 4). In this mode of NFC the data is exchanged using the
Application Protocol Data Unit (APDU) described by ISO/IEC 7816-4
standard.
38. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)38
➢The Read/Write (R/W) mode of NFC
Read a passive tag
Energy
Data (UID)
Write a passive tag
Energy and data
Ok
NFC active device
(reader)
NFC active device
(reader)
Tag picture source: Berndo [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)]
store
data
1.4. The 3 operating modes of NFC
standard
39. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢The Read/Write (R/W) mode of NFC
Public transportation information
(Nice, France): Lignes d’Azur Mobile
https://play.google.com/store/apps
/details?id=fr.cityway.android.st2n
&hl=fr
1.4. The 3 operating modes of NFC
standard
40. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)40
➢The Peer-to-Peer (P2P) mode of NFC
NFC P2P
active device
NFC P2P
active device
Data
Data
1.4. The 3 operating modes of NFC
standard
41. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)41
➢The Peer-to-Peer (P2P) mode of NFC
1.4. The 3 operating modes of NFC
standard
42. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)42
➢The Card Emulation mode of NFC
The smartphone can act both as an NFC terminal
and as a contactless smartcard
APDU command (ISO 7816-4)
APDU response
1.4. The 3 operating modes of NFC
standard
43. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)43
➢The Card Emulation mode of NFC
Picture source: HLundgaard [CC BY-SA 3.0
(https://creativecommons.org/licenses/by-sa/3.0)]
1.4. The 3 operating modes of NFC
standard
44. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Summary
▪ Finally, NFC is implemented with 3 operating modes:
✓The Read/Write mode:
an active NFC-device can read/write on NFC passive tags
✓The P2P mode:
2 active NFC-devices can exchange data
✓The Card Emulation mode:
an active NFC-device plays the role of the contactless smartcard reader
and a passive NFC-device behaves like a contactless smartcard which is
also a tag type (4). They communicate using APDU protocol standardized
by ISO/IEC 7816-4 (Identification cards -- Integrated circuit cards -- Part 4:
Organization, security and commands for interchange)
44
1.4. The 3 operating modes of NFC
standard
45. www.mbds-fr.org
2. NFC card emulation mode
ecosystem and architecture
Dr Anne-Marie Lesas
University of Nice – Sophia-Antipolis, France
45
47. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢OPEN API (e.g. Android platform)
1. Read/Write mode
2. P2P mode
Ex: Tourism, Marketing 2.0, devices pairing...
➢RESTRICTED API
3. Card Emulation mode
Ex: M-payment (EMV, AMEX), Ticketing (transport), Access
control...
➔ SECURE ELEMENT (SE), NFC MOBILE WALLET
➔ TSM (& OTA)
47
2.1. The mobile wallet
48. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
2.1. The mobile wallet
48
➢Reminder
➢NFC contactless communication standard
➢NFC Card Emulation Mode contactless communication
compatible with smartcards protocol (APDU)
➢Mobile wallet Mobile application (software)
➢Mobile payment Use case
➢NFC One solution among other technologies
49. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
2.1. The mobile wallet
49
➢NFC card emulation mode
✓Credit/debit cards
✓Access cards
✓Identity cards
✓Transport cards
✓Loyalty cards
✓Insurance cards
✓…
50. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
2.1. The mobile wallet
50
50
SECURE
ELEMENT
➢Mobile wallet services
✓Smartcard services
✓Electronic documents
✓Tickets
✓Vouchers
✓Coupons
✓Digital money
✓…
51. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Overview of an NFC secure element-based mobile wallet
application configuration
Inside the mobile
51
2.1. The mobile wallet
52. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢The mobile wallet implements the card emulation mode of NFC standard
➢The wallet mobile app is made of 2 software components:
1. The man-machine interface is a ”normal” mobile app running into the operating system of the mobile
host and benefits from all the advanced features and the Internet connectivity of the smartphone
2. The sensitive data and processing are stored and run into the Secure Element (SE) of the smartcard
type (hardware)
➢The mobile host application can connect the SE and send APDU commands from a SE API
➢The contactless transaction is made from a terminal application (NFC reader) with the SE
(NFC tag) using APDU protocol
➢A SE can host several services from several service providers
➢An application running inside a SE is called an Applet by inheritance from JavaCard
Superclass (or a Cardlet)
52
2.1. The mobile wallet
54. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢NFC card emulation mode
Secure Element (SE)
✓SE = Smartcard chip
✓Own Operating System
(SOC JavaCard-based)
✓ROM, RAM, EEPROM
✓Secure storage (tamper resistant)
✓Cryptography mechanisms (API)
✓Multi-applications
✓APDU interface
✓Very small size
54
2.2. The Secure Element
Generic diagram of the components of a smart card with dual interface (Author =Vlopes)
55. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Smartcard manufacturers
✓Gemalto
✓Oberthur
✓ACS
✓Axalto (Schlumberger)
✓Infineon
✓Multos
➢…
➢NFC chip manufacturers
✓NXP
✓STMicroelectronics
✓Broadcom
✓Qualcomm
✓Gemalto
✓Oberthur
✓…
55
2.2. The Secure Element
56. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢SE architecture
56
2.2. The Secure Element
57. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢SE service 3 deployment models
✓Simple mode: Only the SE issuer manages the SE content
(SP monitoring)
✓Delegate mode: a preauthorization is required from the SE
issuer (one time access token)
✓Authorized mode: the SP has full access to the security
domain
57
2.2. The Secure Element
58. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢SE into the mobile: 3 hardware form factors
✓The SIM card (UICC): controlled by the Mobile Network Operator (MNO)
58
2.2. The Secure Element
59. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢SE into the mobile: 3 hardware form factors
✓The SIM card (UICC): controlled by the Mobile Network Operator (MNO)
✓Embedded: controlled by the mobile handset manufacturer
59
2.2. The Secure Element
60. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢SE into the mobile: 3 hardware form factors
✓The SIM card (UICC): controlled by the Mobile Network Operator (MNO)
✓Embedded: controlled by the mobile handset manufacturer
✓External/removable MicroSD (with or without RF interface)
2.2. The Secure Element
60
61. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Communicating with the SE: SE API (inherited from contact cards)
1. Detect
2. Connect
3. Open channel
4. Send APDU command
5. Receive APDU response
6. Close channel
7. Disconnect
61
2.2. The Secure Element
62. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)62
2.2. The Secure Element
➢Application Protocol Data Unit (APDU)
63. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Application Protocol Data Unit (APDU)
✓APDU structures (bytes arrays)
❑APDU command (C-APDU)
❑APDU response (R-APDU)
63
2.2. The Secure Element
Optional
64. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Application Protocol Data Unit (APDU)
✓APDU command (C-APDU) fields
❑CLA: class of the command (mandatory 1 byte)
❑IN:; instruction code (1 byte)
❑P1: first parameter (1 byte)
❑P2: second parameter (1 byte)
❑Lc: length of the data (1-3 bytes)
❑Data: payload of the length indicated in the Lc field
❑Le: expected maximum length of the response or 0x00 (1-3 bytes)
64
2.2. The Secure Element
65. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Application Protocol Data Unit (APDU)
✓APDU response (R-APDU) fields
❑Data: optional response data
❑SW1: Status Word 1 (1 byte)
❑SW2: Status Word 2 (1 byte)
65
2.2. The Secure Element
Optional
66. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢APDU protocol
66
2.2. The Secure Element
Sample of APDU fields values
67. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢APDU INS codes
(ISO 7816-4)
67
2.2. The Secure Element
Sample of INS codes
68. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢APDU INS codes
68
2.2. The Secure Element
Instruction name Description {INS} Standard
READ RECORD Read a file record ‘B2’ TS 51.011 ISO/IEC 7816-4
SELECT Select a dedicated file ‘A4’ TS 51.011 ISO/IEC 7816-4
UPDATE RECORD Update a record ‘DC’ TS 51.011, ISO/IEC 7816-4
VERIFY (CHV) Check authentication data (e.g. a PIN code) ‘20’ TS 51.011 ISO/IEC 7816-4, EMV
WRITE RECORD Write a file record ‘D2’ ISO/IEC 7816-4
ACTIVATE FILE Unblock a file ‘44’ ISO/IEC 7816-9
APPEND RECORD Add a record in a fixed length file ‘E2’ ISO/IEC 7816-4
APPLICATION BLOCK Block an application ‘1E’ EMV
APPLICATION UNBLOCK Unblock an application ‘18’ EMV
ASK RANDOM Request random number ‘84’ EN 726-3
GET CHALLENGE Request a random number ‘84’ ISO/IEC 7816-4
GIVE RANDOM Send a random number ‘86’ EN 726-3
CHANGE CHV Change PIN code ‘24’ TS 51.011
CHANGE REFERENCE DATA Change authentication data ‘24’ ISO/IEC 7816-8
CLOSE APPLICATION Reset all access conditions to an application ‘AC’ EN 726-3
CONVERT IEP CURRENCY Convert a currency ‘56’ EN 1546-3
CREATE FILE Create a new file ‘E0’ ISO/IEC 7816-9
CREATE RECORD Create a new record in a file ‘E2’ EN 726-3
DEACTIVATE FILE Block a file ‘04’ ISO/IEC 7816-9
DEBIT IEP Pay from the wallet (purse) ‘54’ EN 1546-
Instruction name Description {INS} Standard
DECREASE Decrease file storyteller ‘30’ EN 726-3
DELETE Delete an object ‘E4’ OP
DELETE FILE Delete a file ‘E4’ ISO/IEC 7816-9
DISABLE CHV Deactivate PIN code reading ‘26’ TS 51.011
ENABLE CHV Activate PIN code reading ‘28’ TS 51.011, EN 726-3
EXECUTE Execute a file ‘AE’ EN 726-3
EXTEND Extend a file ‘D4’ EN 726-3
EXTERNAL AUTHENTICATE External authentication ‘82’ ISO/IEC 7816-4
GENERATE AUTHORISATION
CRYPTOGRAM
Generate a digital signature for a payment
transaction
‘AE’ EMV
GENERATE PUBLIC KEY PAIR
Generate a key pair for an asymmetric
cryptographic algorithm
‘46’ ISO/IEC 7816-8
GET RESPONSE
Request a response (transmission protocol T
= 0)
‘C0’ TS 51.011
GET STATUS
Read application manager life cycle
information
‘F2’ ISO/IEC 7816-4, OP
LOAD
Load an application by transferring the load
file.
‘E8’ OP
MUTUAL AUTHENTICATE Mutual authentication ‘82’ ISO/IEC 7816-8
PERFORMSCQL OPERATION Execute a CQL intruction ‘10’ ISO/IEC 7816-7
PERFORMTRANSACTION
OPERATION
Execute a SCQL instruction ‘12’ ISO/IEC 7816-7
PERFORMUSER OPERATION Manage SQC user ‘14’ ISO/IEC 7816-7
69. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Communicating with the SE:
Application Identifier (AID)
✓SE service routing
✓Issuer Identification Number (IIN): ISO/IEC 7812
✓Or Registered Application Provider Identifier (RID):
ISO/IEC 7816-5
✓Proprietary Application Identifier Extension (PIX)
69
2.2. The Secure Element
70. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Communicating with the SE: Application Identifier (AID)
✓Example of AID (source EFTLab: https://www.eftlab.com/index.php/site-map/knowledge-
base/211-emv-aid-rid-pix)
▪ Visa payWave for Mobile: 325041592E5359532E4444463031
▪ DeviceFidelity In2Pay DFare applet: 44464D46412E44466172653234313031
▪ VISA Electron: A0000000032010
▪ MasterCard PayPass: A00000000401
▪ Orange: A0000000090001FF44FF1289
▪ American Express: A0000000250000
▪ ExpressPay: A000000025010701
▪ HSBC: A00000002949034010100001
▪ Barclay: A00000002949282010100000
▪ CB Apple Pay (France): A0000000426010
▪ …
70
2.2. The Secure Element
71. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Summary
✓The SE is an isolated tamper proof execution environment which is reachable
by:
▪ A contactless reader device using NFC card emulation mode
▪ A mobile application from the mobile host system through a dedicated SE API
✓The SE has 3 mobile form factors:
▪ The SIM card controlled by the MNO
▪ Embedded SE controlled by the mobile handset manufacturer
▪ The external/removable MicroSD
✓SE communication with APDU protocol carried by NFC card emulation mode:
▪ C-APDU sent by the reader
▪ R-APDU returned by the SE application
➢The routing to the SE service is done according the Application Identifier (AID)
71
2.2. The Secure Element
72. 2.3. The Trusted Service Manager
(and Secure Channel Protocols)
72
73. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢SE-based service?
✓Customer’s mobile device?
✓Which model manufacturer?
✓Which operating system version?
✓By who is controlled the SE?
✓Which MNO?
✓Which SE form factor?
✓Which security?
✓What interlocutors?
HOW TO MANAGE A SE-BASED SERVICE DEPLOYMENT?
2.3. The Trusted Service Manager
Image: Esther Vargas / Flickr
73
74. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Lifecycle of SE-based service
✓Download: the service (applet) may be dynamically downloaded
or pre-installed into the secure element
✓Provision: initiate the service and assign a trusted area (Security
Domain) within the SE
✓Personalization: configure service or user-specific data
✓Activate/deactivate-Lock/Unlock: Activate or deactivate, lock or
unlock the service
✓Terminate: terminate the service and delete provisioned data
✓Update: service version updates
✓Information: provide information on the service and the
transactions execution status
THE USE CASES MUST BE DEFINED (By SP)
2.3. The Trusted Service Manager
74
75. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Role of the TSM
✓Trusted third-party
✓Connect SP to SEI
✓SE-based services lifecycle management
✓Remote access point
✓End-users management
✓Encryption keys management
✓Value-added services: transaction
traceability, fraud detection ...
GUARANTEE OF END-TO-END SECURITY
2.3. The Trusted Service Manager
75
76. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Overview of a TSM-based architecture
2.3. The Trusted Service Manager
76
77. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢TSM platforms
✓Oberthur Technologies (France)
✓Gemalto (Netherlands)
✓Bell ID (USA)
✓Sequent (USA)
✓Giesecke & Devrient (Germany)
✓CorFire (SK C&C, Korea)
✓…
2.3. The Trusted Service Manager
77
78. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Public Key Infrastructure (PKI)
1. Alice keeps her private key secret
2. Bob has the public key of Alice
3. Bob encrypts a message using Alice’s
public key
4. Only Alice can decrypt the message
sent by Bob using her private key
ASYMMETRIC PROTOCOL
2.3. The Trusted Service Manager
78
79. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢The digital certificate
1. The certificate contains the
identity and the public key
2. The Certification Authority
(CA) adds her digital
signature and encrypts the
certificate using her private
key
3. Digital certificate is decrypted
using the public key of the CA
2.3. The Trusted Service Manager
Illustration author: Giaros,
https://en.wikipedia.org/w/index.php?title=File:PublicKeyCertificateDiagram_It.svg&lang=en#filelinks
Giaros
79
80. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Secure Channel Protocols (SCP)
✓Authentication
✓Integrity
✓Confidentiality
✓Data security
▪ SCP02: Triple DES (3DES) Broken (Man-In-The-Middle attack)
▪ SCP03: Advanced Encryption Standard (AES) symmetric algorithm
▪ SCP10: Public Key Infrastructure (PKI) pre-shared keys e.g. Diffie,
Hellman, Rivest, Shamir, and Adleman (RSA) or Elliptic Curve Key
Agreement (ECKA) asymmetric Algorithm
▪ SCP11: Use of digital certificates
✓ Transport security
▪ SCP80: OTA protocol
▪ SCP81: HTTPS TLS/SSL protocol
2.3. The Trusted Service Manager
80
81. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Summary
✓ The TSM is a trusted third-party with strong expertise in
digital security and secure element related technologies
✓ The TSM platform is split into 2 interfaces:
▪ The SP-TSM interface allows the SP to manage SE-based
services remote deployment and lifecycle management
▪ The SEI-TSM interface is connected to the SEI systems
✓ The TSM manages cryptographic keys and implements
Secure Channel Protocols to ensure the end-to-end
security
✓ The TSM related technologies are standardized by
GlobalPlatform
2.3. The Trusted Service Manager
81
83. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Collaborative ecosystem for
digital security
✓Payment
✓Transports
✓Automotive
✓Smart Cities
✓Smart Home
✓Internet of Things (IoT)
2.4. GlobalPlatform standard
Image by Tumisu from Pixabay
✓Telecoms
✓Utilities
✓Healthcare
✓Government
✓…
83
84. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Active members (~100)
✓AMD,
✓American Express,
✓Apple,
✓Ericsson
✓Gemalto,
✓Huawei,
✓Infineon,
✓Master Card,
✓NXP,
✓Oracle,
✓Orange,
2.4. GlobalPlatform standard
84
✓Qualcomm,
✓STMicroelectronics,
✓Toshiba
✓Trustonic,
✓Verizon,
✓Visa…
➢Observer members
✓Samsung,
✓Alibaba,
✓Thales…
➢Public entity members
✓Department of Defense (USA)
✓CEA (France)…
85. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢GP Technical Specifications
✓Secure Element (SE)
▪ Card Specification
▪ UICC configuration
▪ Confidential Card Content Management
▪ Remote Application Management over HTTP
▪ Contactless Services
▪ Secure Channel Protocol 03
▪ Secure Channel Protocol 11
▪ Messaging Specification…
✓Trusted Platform Services ( i.e. TSM)
▪ Open Mobile API
▪ Multiple Contactless Card Emulation
Environments
2.4. GlobalPlatform standard
85
▪ Secure Element Remote Application
Management
▪ Secure Element Access Control
▪ Web API to Access Secure Elements…
✓Trusted Execution Environment (TEE)
▪ TEE System Architecture
▪ TEE Client API
▪ TEE Internal Core API
▪ TEE Secure Element
▪ TEE Sockets API
▪ Trusted User Interface API
▪ TEE Protection Profile
▪ Symmetric and Asymmetric
Cryptography Layer…
86. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢The Trusted Execution Environment (TEE)
2.4. GlobalPlatform standard
Image by Gerd Altmann de Pixabay
87. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢The Trusted Execution Environment (TEE)
2.4. GlobalPlatform standard
Image by Gerd Altmann de Pixabay
HW Interfaces
Drivers API
Normal
App
Host OS
88. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢The Trusted Execution Environment (TEE)
2.4. GlobalPlatform standard
Image by Gerd Altmann de Pixabay
Host OS
HW Interfaces
Drivers API
Isolation
TEE
Trusted
drivers API
Trusted
HW Interfaces
Messages
Communication
Agent
Communication
Agent
Normal
App
Trusted
App
91. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Description of the (future) system
✓Requirements and specification?
❑ WHAT?: What it is about (field/domain)?
What problem? What expected result? (business vision)
❑ WHO?: Who is involved?: Service provider, R&D team,
users of the system, roles…
❑ WHY?: Why this solution (novelty)?
❑ HOW? WHEN? WHERE?..
Architecture, components, actors, use cases, interactions,
data?
91
3.1. The specification
92. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)92
3.1. The specification
➢Architecture overview
(example)
93. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)93
3.1. The specification
➢Architecture overview
(example)
Car-sharing end-user
Car-sharing
Service Provider (SP)
94. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)94
3.1. The specification
➢Architecture overview
(example)
NFC
Car-sharing
Service Provider (SP)
Car-sharing end-user
95. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)95
3.1. The specification
➢Architecture overview
(example)
NFC
Car-sharing
Service Provider (SP)
Car-sharing end-user
96. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
96
3.1. The specification
➢Architecture overview
(example)
NFCCloud
Car-sharing
Service Provider (SP)
Car-sharing end-user
97. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
97
3.1. The specification
➢Architecture overview
(example)
NFCCloud
Car-sharing
Service Provider (SP)
Car-sharing end-user
98. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
98
3.1. The specification
➢Architecture overview
(example)
NFCCloud
Car-sharing
Service Provider (SP)
Car-sharing end-user
99. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
99
3.1. The specification
➢Architecture overview
(example)
NFCCloud
Car-sharing
Service Provider (SP)
Car-sharing end-user
100. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
100
3.1. The specification
➢Architecture overview
(example)
NFCCloud
Car-sharing
Service Provider (SP)
Car-sharing end-user
101. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
101
3.1. The specification
➢Architecture overview
(example)
✓Software components?
❑A web API running on a Cloud server
(connected to a DBMS)
❑A client web application for the
management of the service
❑An end-user mobile app using NFC
feature
❑An embedded application running on a
single board computer (SBC) connected
to the car system…
102. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
102
3.1. The specification
➢Fonctional specification (example)
✓Car-sharing use case 1 : book the car
❑Precondition 1: the end-user has downloaded and intsalled the mobile app.
❑Precondition 2: the end-user has provided the correct authentication data to connect the
application.
❑Precondition 3: the end-user has registered her bank information.
❑Precondition 4: the car is available for rental.
❑Normal case:
1. The end-user launchs the mobile app
2. The end-user selects the option « book the car »
3. The end-user swipes the NFC tag on the door of the car with her NFC-enabled mobile phone
4. The door of the car opens…
103. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
103
3.1. The specification
➢Non fonctional specification
(example)
✓Usability (user friendly?)
✓Reliability (over time)
✓performance
✓Security
✓Supportability (maintenance costs)
✓Compliance (technologies, platform
compatibility…)
✓software engineering model
✓… Illustration source: https://blog.techcello.com/2016/04/top-
10-critical-nfr-for-saas-applications-part-1
104. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
104
3.1. The specification
➢The Unified Modeling Language (UML)
✓A standard way to visualize the design of a digital system
✓Structure diagrams: component, package, classe, object, entity…
✓Behavior diagrams: use case, activity, state machine…
✓Interaction diagrams: sequence, communication…
✓Many tools available: (community and commercial)
❑ArgoUML
❑BOUML
❑Dia
❑Visual Paradigm
❑Modelio
❑Microsoft Visual Studio
❑Enterprise Architect
❑Rational Rose
❑UML designer…
105. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
105
3.1. The specification
➢Use case (example)
✓Car-sharing use cases
✓Actors:
❑ The Service Provider (SP):
An employed of the car-sharing company who has the role for
the management of the car-sharing service
❑ The End-User (EU):
Somebody who owns a NFC-enabled mobile phone and wants
to use the car-sharing service
This is a generic view, in practice, the role of
the business actors is more precise!
Car-sharing End-User (EU)
Car-sharing
Service Provider (SP)
106. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
106
3.1. The specification
➢Use case (example)
✓Car-sharing use cases (UC)
✓UC 1: "manage service"
❑ The actor SP can manage the (car sharing)
service, she must be authenticated as
manager role.
107. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
107
3.1. The specification
➢Use case (example)
✓Car-sharing use cases (UC)
✓UC 2: "book a car"
❑ The actor EU can subscribe the
(car sharing) service, she must
provide banking data.
❑ The actor EU can use the service,
she must be authenticated as
user role. Booking a car is one of
the extensions of using the
service.
This view does not provide information on how is done the activity
108. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
108
3.1. The specification
➢Sequence diagram
(interactions)
UC 2: "book a car«
(1/2)
109. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
109
3.1. The specification
➢Sequence diagram
(interactions)
UC 2: "book a car«
(2/2)
110. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
110
3.1. The specification
➢Data relationnal model? Entity relationship diagram
~SQL standard Logical Model of the Data (LMD)
111. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
111
3.1. The specification
➢Other aspects considered in the specification
✓The layout of the HMIs
✓Division of tasks
✓Burden sharing
(resource allocation)
✓Delivery planning...
Lifecycle according the
development model you choose!
Example: the iterative development model
(source of illustration: Wikipedia)
112. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
112
3.1. The specification
➢Summary
✓The specification provides a high level of visibility that helps to check
consistency and feasibility (for decision-makers and R&D teams)
✓The specification goal is the understanding and the ease of the system
implementation and maintenance
✓UML is a popular modeling language (for software) allowing the design
of digital systems
✓UML provides models to design the system from several points of view that
can easily be transposed into programming language and
deployement model.
✓The highest (business) vision of the system is provided by the USE
CASES that are formalized into UML diagrams
114. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Generic principle
A. Read a tag
Similar to barcode (or QR code)
use cases…
114
3.2. NFC use case: Read/Write mode
115. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Generic principle
B. Write a tag
Depending on the use case, the
tag may be locked after the
message was written
(can not be unlocked
anymore)…
115
3.2. NFC use case: Read/Write mode
116. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)116
3.2. NFC use case: Read/Write mode
➢Generic principle
1. Use cases based on the tag UID (example)
▪ Entity Relationship Diagram: an URL linked to an object?
Do not need to write data on the tag (allows dynamic data)
Can be combined with a NDEF filter on tag content…
117. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)117
3.2. NFC use case: Read/Write mode
➢Generic principle
✓ 2. Use cases based
on NDEF message
(example)
Record attendance?
A check is done with the UID!
118. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)118
3.2. NFC use case: Read/Write mode
➢Generic principle
1. Use cases based on the tag UID
The UID is associated to something (i.e., in a database)
✓ An object of the real world (inert or living), for example:
▪ An URL, a switch, a home appliance, a car, a door, a book, a pet, a
child…
✓ An activity to trigger, for example:
▪ Open a door, switch-on a light, clock-in/register somebody or something,
trigger the payment of the product associated with the tag…
✓ A place, for example:
▪ a geolocation, a point-of-sales, a relay point in a race…
There is no limit to the use cases you can imagine just UID-based!
119. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)119
3.2. NFC use case: Read/Write mode
➢Generic principle
2. Use cases based on NDEF message
❑ Smart Poster
❑ URI, URL (web page, web service, media file…) Like a QR Code
❑ Business card
❑ Phone number, email
❑ IP address
❑ Place identifier/Location coordinates
❑ Action identifier
❑ Pairing information
❑ Additive identifierApplication package allows to filter the app in the
automatic discovery of the NFC tag…
the message size is limited to the NFC tag storage capacity (in bytes)
121. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Generic principle
❑Printer NFC pairing:
Data sharing
Initializes another
connectivity to allow
large (e.g. media)
file/stream sharing
(Bluetooth, Wi-Fi…)
Example
121
3.3. NFC use case: Peer-to-Peer mode
122. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Generic principle
❑Client device
(headphones,
speaker…) NFC pairing:
Data sharing
Initializes another
connectivity to allow
large (e.g. media)
file/stream sharing
(Bluetooth, Wi-Fi…)
Example
122
3.3. NFC use case: Peer-to-Peer mode
123. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Generic principle
❑Mobile
NFC pairing:
Data sharing
Initializes another
connectivity to allow
large (e.g. media)
file/stream sharing
(Bluetooth, Wi-Fi…)
Example
123
3.3. NFC use case: Peer-to-Peer mode
124. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Specific use cases
❑P2P transaction
Tokens exchange
Example
124
3.3. NFC use case: Peer-to-Peer mode
125. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)125
➢Generic principle
❑P2P data exchange: device pairing
Share pairing information to initiate another connectivity (Wi-Fi,
Bluetooth…)
Ex. Connect to a Local Area Network (LAN)
Ex. Create a Personal Area Network (PAN) (e.g., Bluetooth)
File/data transfer/streaming…
❑P2P transactions
✓ Ex. Mobile payment, ticketing, identification/auhtentication, etc.
✓ Tokenized transactions…
P2P mode of NFC standard is suitable for secure transactions
3.3. NFC use case: Peer-to-Peer mode
127. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Generic principle
A.SE-based (Hardware) use case
SE lifecycle: PRE-ISSUANCE
▪ Pre-installed modules on the chip-card
(by the manufacturer)
▪ Personalization: features activation according
the SE issuer (owner) profile (MNO, Bank,
mobile manufacturer…)
▪ Key Ceremony: cryptographic keys
generation and distribution by the Controlling
Authority
127
3.4. NFC use case: Card emulation mode
Personalization
?
128. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Generic principle
A.SE-based (Hardware) use case
SE service lifecycle: POST-ISSUANCE (example)
▪Deploy and activate Service: when the end-user has subscribed the
service
▪Upgrade Service: when an update is available
▪Lock/unlock Service: when a wrong PIN code has been entered
sevaral times
▪Suspend/terminate Service: when the end-user unsubscribes the
service (or has not paid is term…)
Most of the time, the SE issuer provides SP-TSM interface and
the lifecycle scenario may be pre-configured in the system for
automatic processing
128
3.4. NFC use case: Card emulation mode
129. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Generic principle
A.SE-based use case
Ticketing use case:
1. LOAD TICKET
(example)
129
3.4. NFC use case: Card emulation mode
130. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Generic principle
A.SE-based use case
Ticketing use case:
2. USE TICKET
(example)
130
3.4. NFC use case: Card emulation mode
131. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Generic principle
B.HCE-based use case
Architecture
(example)
131
3.4. NFC use case: Card emulation mode
132. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
➢Generic principle
B.HCE-based (Software) use case?
The use case is the same: HCE (background) service
instead of SE service
132
SE HCE
SMART CARD TECHNOLOGY YES NO
THIRD-PARTY AGREEMENT REQUIRED (SE OWNER) YES NO
EXTRA COSTS (FEES FOR THE 3RD PARTY) YES NO
AVAILABLE WHEN THE MOBILE IS TURNED OFF YES NO
AVAILABLE WHEN THE BATTERY IS DISCHARGED YES NO
ACCESS TO MOBILE FEATURES AND CONNECTIVITY NO YES
APDU PROTOCOL YES YES
3.4. NFC use case: Card emulation mode
133. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)133
➢Generic principle
❑Card emulation is a transactional mode
NOTE: card emulation mode use cases could be implemented in the P2P
mode as well
One specificity comes from the APDU protocol inherited from contact smart
cards used to communicate with the SE service
A. SE-based use cases
✓ As the owner of the SE is a third-party, the SE service also has a specific
lifecycle
✓ SE services use cases are an evolution of contact smart card services
(compatibility with existing infrastructures)
✓ SE-based services are NOT OPEN: specific services are pre-installed on the
SE and they are controlled by the SE issuer (owner)
3.4. NFC use case: Card emulation mode
134. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)134
➢Generic principle
B. Host-based Card emulation (HCE) mode
NO SE: pure software service running in the host OS (like other mobile
apps)
May be managed end-to-end by the SP (without 3rd party)
➢Non functional requirements must be considered in the use cases:
✓ Service availability (see table in slide 11), security, speed of the contactless
transaction…
➢No need for compliance with existing infrastructures (e.g.,
payment or ticketing terminals) Maybe no need for card
emulation mode?
3.4. NFC use case: Card emulation mode
138. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)138
➢ NFC activation on Android phones
4.1. Presentation of NFC equipment
139. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)139
➢ Integrated Beam feature
4.1. Presentation of NFC equipment
140. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)140
➢ NFC tools on Google Play by WAKDEVS
https://play.google.com/store/apps/details?id=com.wakdev.wdnfc&hl=fr
4.1. Presentation of NFC equipment
PC & MAC version: https://www.wakdev.com/apps/nfc-tools-pc-mac.html
141. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)141
➢ NFC tools: Read tag
4.1. Presentation of NFC equipment
142. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)142
➢ NFC tool: Add record
4.1. Presentation of NFC equipment
143. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)143
➢ NFC tool: read URL
4.1. Presentation of NFC equipment
144. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)144
➢ NFC tool: other APDU smart card reader (Android IsoDep)
4.1. Presentation of NFC equipment
147. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)147
➢ Official Integrated Development Environment (IDE)
✓ Android Studio based on Jetbrains IntelliJ IDE
(https://www.jetbrains.com/idea): https://developer.android.com/studio
✓ Other: plugins Eclipse (former official IDE) or Netbeans?
➢Cross-platform environments (hybrids web-Android-iOS)
✓ Cordova web-based technologies distributed by Apache foundation:
http://cordova.apache.org
✓ Ionic based on Cordova and Angular framework (https://angular.io):
https://ionicframework.com
✓ React Native based on React library (JavaScript, https://fr.reactjs.org)
created by Facebook: http://www.reactnative.com
✓ Titanium Studio based on Aptana web dev IDE (http://www.aptana.com):
http://www.appcelerator.com/titanium/titanium-studio
✓ …
4.2. Introduction to Android
148. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)148
➢ Plan of the video
✓Tutorial URL:
• https://developer.android.com/guide
Download Android Studio
Install Android Studio
Tutorial “My first app”
4.2. Introduction to Android
150. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)150
1. Run the app from Android Studio “run” menu
Download and install USB driver:
https://developer.android.com/studio/run/oem-
usb.html
Enable Android developer option on your Android
device:
https://developer.android.com/studio/debug/dev-
options
Run the app from Android Studio:
https://developer.android.com/training/basics/firsta
pp/running-app
4.2. Introduction to Android
151. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)151
1. Run the app from Android Studio “run” menu
4.2. Introduction to Android
152. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)152
2. Run the app from the APK
4.2. Introduction to Android
153. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)153
➢ Android application fundamentals
▪ https://developer.android.com/guide/components/fundamentals?hl=en
✓Android Manifest
✓Activity
✓Layouts and resources
✓Services
✓Broadcast receivers
✓…
4.2. Introduction to Android
154. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)154
➢ Android Activity lifecycle
▪ https://developer.android.com/guide/c
omponents/activities/intro-
activities?hl=en
✓ onCreate(),
✓ onStart(),
✓ onResume(),
✓ onPause(),
✓ onStop(),
✓ onDestroy()
4.2. Introduction to Android
156. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)156
➢ Statements in the AndroidManifest.xml file
@manifest root
❑ Declare NFC feature use
<uses-feature android:name="android.hardware.nfc“
android:required=“false"/>
❑ Request permission for NFC use
<uses-permission android:name=
"android.permission.NFC" />
4.3. NFC Read/Write mode with Android
157. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)157
➢ NFC discovery
4.3. NFC Read/Write mode with Android
158. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)158
➢ Statements in the AndroidManifest.xml file
@application section @the activity implementing the NFC discovery
NOTE: the filter could be set programmatically in the Activity
❑ Intent filter for NFC detection whatever content or technology
<intent-filter>
<action android:name="android.nfc.action.TAG_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
4.3. NFC Read/Write mode with Android
159. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)159
➢ Statements in the AndroidManifest.xml file
@application section @the activity implementing the NFC discovery
❑ Intent filter for NFC detection based on technology
Data filter for given technology
<intent-filter>
<action android:name="android.nfc.action.TECH_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
Technology list is provided as resource in the res directory
// here, we indicate it is found in a sub-folder named “xml”
// and we named the file “nfc_tech_list.xml”
<meta-data android:name="android.nfc.action.TECH_DISCOVERED"
android:resource="@xml/nfc_tech_list" />
4.3. NFC Read/Write mode with Android
160. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)160
➢ Statements in the AndroidManifest.xml file
❑ Intent filter for NFC detection based on technology
Technology list resource: targeted technology is provided in an xml
file at the <project-root>/res/xml folder (several are possible)
<resources
xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
<tech-list>
<tech>android.nfc.tech.IsoDep</tech>
<tech>android.nfc.tech.NfcA</tech>
<tech>android.nfc.tech.NfcB</tech>
<tech>android.nfc.tech.NfcF</tech>
<tech>android.nfc.tech.NfcV</tech>
<tech>android.nfc.tech.Ndef</tech>
<tech>android.nfc.tech.NdefFormatable</tech>
<tech>android.nfc.tech.MifareClassic</tech>
<tech>android.nfc.tech.MifareUltralight</tech>
</tech-list>
</resources>
4.3. NFC Read/Write mode with Android
161. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)161
➢ Statements in the AndroidManifest.xml file
@application section @the activity implementing the NFC discovery
❑ Intent filter for NFC detection based on NDEF content
<intent-filter>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT" />
...
Requires filter’s data that will be checked for activity activation!..
4.3. NFC Read/Write mode with Android
162. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)162
➢ Statements in the AndroidManifest.xml file
@application section @the activity implementing the NFC discovery
❑ Intent filter for NFC detection based on NDEF content
Data filter for MIME content type
<data android:mimeType="text/plain" />
• Example of standard MIME types: "image/jpeg ", "audio/mp4 ",
“application/json “… CARE OF THE MEMORY SIZE OF THE TAG!
• NOTE: you may also create a custom mimeType when writing the NDEF message:
<data android:mimeType="application/mbds.android.nfc"/>
4.3. NFC Read/Write mode with Android
163. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)163
➢ Statements in the AndroidManifest.xml file
@application section @the activity implementing the NFC discovery
❑ Intent filter for NFC detection based on NDEF content
Data filter for URI content type
<data
android:host="www.mbds-fr.org"
android:pathPrefix="/application/"
android:scheme="http"
// optional => port declaration
android:port="8080"/>
4.3. NFC Read/Write mode with Android
164. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)164
➢ Check NFC availability
❑ Check device is NFC feature enable
// if NFC feature is not required in the manifest
// you may inform the user of NFC service unavailability…
PackageManager manager = getPackageManager();
if (!manager.hasSystemFeature(PackageManager.FEATURE_NFC)) {
// manage NFC service unavailability
}
❑ Check NFC feature is activated
NfcAdapter adapter = manager.getDefaultAdapter();
if (adapter != null && !adapter.isEnabled()) {
// ask the user to turn on NFC}
4.3. NFC Read/Write mode with Android
165. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)165
➢ Process NFC tag in the Activity
❑ Foreground discovery of NFC
Declare NfcAdapter and PendingIntent objects at the Class level:
private NfcAdapter nfcAdapter;
Private PendingIntent pendingIntent;
Get default NfcAdapter and PendingIntent instances at activity “onCreate” event:
nfcAdapter = NfcAdapter.getDefaultAdapter(this);
// check NFC feature:
if (nfcAdapter == null) {
// process error device not NFC-capable…
}
pendingIntent = PendingIntent.getActivity(this, 0, new Intent(this,getClass()).
addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP), 0);
// single top flag avoids activity multiple instances launching
4.3. NFC Read/Write mode with Android
166. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)166
➢ Process NFC tag in the Activity
❑ Foreground discovery of NFC
Enable NFC foreground detection at activity “onResume” event
if (nfcAdapter != null) {
if (!nfcAdapter.isEnabled()) {
// process error NFC not activated…
}
nfcAdapter.enableForegroundDispatch(this, pendingIntent, null, null);
}
Disable NFC foreground detection at activity “onPause” event
if (nfcAdapter != null) {
nfcAdapter.disableForegroundDispatch(this);
}
4.3. NFC Read/Write mode with Android
167. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)167
➢ Process NFC tag in the Activity
❑ Get the Tag object at activity “onNewIntent” event
// retrieve the action from the received intent
String action = intent.getAction();
// check the event was triggered by the tag discovery
(NfcAdapter.ACTION_TAG_DISCOVERED.equals(action)
|| NfcAdapter.ACTION_TECH_DISCOVERED.equals(action)
|| NfcAdapter.ACTION_NDEF_DISCOVERED.equals(action)) {
// get the tag object from the received intent
Tag tag = intent.getParcelableExtra(NfcAdapter.EXTRA_TAG);
4.3. NFC Read/Write mode with Android
168. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)168
➢ Process NFC tag in the Activity
❑ Get the Tag object information
// get the UTD from the tag
byte[] uid = tag.getId();
// get the technology list from the tag
String[] technologies = tag.getTechList();
// bit reserved to an optional file content descriptor
int content = tag.describeContents();
// get NDEF content
Ndef ndef = Ndef.get(tag);
// is the tag writable?
boolean isWritable = ndef.isWritable();
// can the tag be locked in writing?
boolean canMakeReadOnly = ndef.canMakeReadOnly();
4.3. NFC Read/Write mode with Android
169. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)169
➢ Process NFC tag in the Activity
❑ Read tag: get NDEF records from the intent received at activity “onNewIntent” event
Parcelable[] rawMsgs = intent.getParcelableArrayExtra(NfcAdapter.EXTRA_NDEF_MESSAGES);
// check if the tag contains an NDEF message
if (rawMsgs != null || ! rawMsgs.isEmpty()) {
// instantiate a NDEF message array to get NDEF records
NdefMessage[] ndefMessage = new NdefMessage[rawMsgs.length];
// loop to get the NDEF records
for (int i = 0; i < rawMsgs.length; i++) {
ndefMessage[i] = (NdefMessage) rawMsgs[i];
for (int j = 0; j < ndefMessage[i].length; j++) {
NdefRecord ndefRecord = ndefMessage[i].getRecords()[j]
4.3. NFC Read/Write mode with Android
170. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)170
➢ Process NFC tag in the Activity
❑ Read tag: parse NDEF record as String
byte[] payload = ndefRecord.getPayload();
String encoding = ((payload[0] & 128) == 0) ? "UTF-8" : "UTf-8";
int languageSize = payload[0] & 0063;
String recordTxt = new String(payload, languageSize+1,
payload.length - languageSize - 1, encoding);
4.3. NFC Read/Write mode with Android
171. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)171
➢ Process NFC tag in the Activity
❑ Read tag: check NDEF record TNF
switch(ndefRecord.getTnf()) {
case NdefRecord.TNF_ABSOLUTE_URI:
// manage NDEF record as an URI object
case NdefRecord.TNF_EXTERNAL_TYPE:
// manage NDEF record as an URN (<domain_name>:<service_name>)
case NdefRecord.TNF_MIME_MEDIA:
// manage NDEF record as the MIME type is:
// picture, video, sound, JSON, etc…
case NdefRecord.TNF_WELL_KNOWN:
// manage NDEF record as the type is:
// contact (business card), phone number, email…
default:
// manage NDEF record as text…
TNF_EXTERNAL_TYPE
4.3. NFC Read/Write mode with Android
172. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)172
➢ Process NFC tag in the Activity
❑ Write tag: NDEF message is an array of NDEF Record
// dimension is the int number of entries of ndefRecords:
int dimension = 3;
NdefRecord[] ndefRecords = new NdefRecord[dimension];
NdefMessage ndefMessage = new NdefMessage(ndefRecords);
// Example with an URI NDEF record:
String uriTxt = "http://www.mbds-fr.org";
NdefRecord ndefRecord = NdefRecord.createUri(uriTxt);
// Add the record to the NDEF message:
Ndefrecords.add(ndefrecord);
4.3. NFC Read/Write mode with Android
173. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)173
➢ Process NFC tag in the Activity
❑ Write tag: create NDEF record
NDEF record MIME type
String mimeType = "application/mbds.android.nfc"; // your MIME type
NdefRecord ndefRecord = NdefRecord.createMime(mimeType,
msgTxt.getBytes(Charset.forName("US-ASCII")));
NDEF record URI type
String uriTxt = "http://www.mbds-fr.org"; // your URI in String format
NdefRecord ndefRecord = NdefRecord.createUri(uriTxt);
4.3. NFC Read/Write mode with Android
174. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)174
➢ Process NFC tag in the Activity
❑ Write tag: create NDEF record
NDEF record WELL KNOWN type (NFC Forum): TEXT
byte[] lang = Locale.getDefault().getLanguage().getBytes("UTF-8");
int langeSize = lang.length;
byte[] data = stringMessage.getBytes("UTF-8");
int dataLength = data.length;
ByteArrayOutputStream payload = new ByteArrayOutputStream(1+langSize+dataLength);
payload.write((byte) (langSize & 0x1F));
payload.write(lang, 0, langSize);
NdefRecord ndefRecord = new NdefRecord(NdefRecord.TNF_WELL_KNOWN,
NdefRecord.RTD_TEXT, new byte[0],
payload.toByteArray());
4.3. NFC Read/Write mode with Android
175. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)175
➢ Process NFC tag in the Activity
❑ Write tag: check and write the tag received at activity “onNewintent” event
// check the targeted tag the memory size and is the tag writable
Ndef ndef = Ndef.get(tag);
int size = ndefMessage.toByteArray().length;
if (ndef!=null) {
ndef.connect();
if (!ndef.isWritable()) {
// tag is locked in writing!
}
if (ndef.getMaxSize() < size) {
// manage oversize!
}
// write the NDEF message on the tag
ndef.writeNdefMessage(ndefMessage);
ndef.close();}
4.3. NFC Read/Write mode with Android
176. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)176
➢ Process NFC tag in the Activity
❑ Write tag: check and write the tag received at activity “onNewintent” event
// is the tag formatted?
Ndef ndef = Ndef.get(tag);
if (ndef == null) {
NdefFormatable format = NdefFormatable.get(tag);
if (format != null){ // can you format the tag?
format.connect();
//Format and write the NDEF message on the tag
format.format(ndefMessage);
//Example of tag locked in writing:
//formatable.formatReadOnly(message);
format.close() ;}}
DO NOT FORGET TO SUROUND WITH “TRY CATCH”!
4.3. NFC Read/Write mode with Android
178. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)178
➢Beam NFC pairing for large files transfer with Bluetooth
➢Specific NDEF push (Beam) functions will be deprecated in
Android Q SDK29…
“This method was deprecated in API level 29. this feature is deprecated. File sharing
can work using other technology like Bluetooth.”
❑ But P2P implementation is the same as NDEF Read/Write mode
Same declarations of NFC feature use and permission in Android
manifest
Same declaration of the NDEF discovery filter at the activity level in
the Android Manifest
Same check of NfcAdapter availability and activation
Same implementation of NfcAdapter in the Activity class
Same implementation of NDEF messages…
One device acts as NFC reader, the other acts as NFC writer
4.4. NFC P2P mode with Android
179. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)179
➢ Process Beam messages in the Activity (before SDK29)
❑ Check NDEF push (Beam) is activated at activity “onResume” event
If (!nfcAdapter.isNdefPushEnabled()) {
// ask user to activate Beam option before:
// startActivity(new Intent(Settings.ACTION_NFCSHARING_SETTINGS));
// finish the activity:
// finish();
}
4.4. NFC P2P mode with Android
180. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)180
➢ Process Beam messages in the Activity (before SDK29)
❑ Register NDEF push callbacks at activity “onCreate” event
// subscribe to the callback for sending Beam message:
nfcAdapter.setNdefPushMessageCallback(this, this);
// then, you must implement NfcAdapter.createNdefMessageCallback…
// instead of dynamic message, you can also set a static NDEF message:
nfcAdapter.setNdefPushMessage(ndefMessage, this, this);
// subscribe to the callback for the end of message receiving:
nfcAdapter.setOnNdefPushCompleteCallback(this, this);
// then, you must implement NfcAdapter.onNdefPushComplete…
4.4. NFC P2P mode with Android
181. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)181
➢ Beam message example of local storage file (before SDK29)
❑ Declare the permission to access local storage in the Android manifest
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
❑ Set the folder file
//directory of the file to transfer
File myFolder = Environment.getExternalStorageDirectory()+"/myDirectory/";
// example of public directories:
//Environment.getExternalStoragePublicDirectory(
4.4. NFC P2P mode with Android
//Picture folder
//Environment.DIRECTORY_PICTURES);
//Photo folder
//Environment.DIRECTORY_DCIM);
//Video folder
//Environment.DIRECTORY_MOVIES);
182. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)182
➢ Beam message example of local storage file (before SDK29)
❑ Set the file
//Set the name of the file to transfer with its extension
String myFileName = "fileName.extension";
//Get the File object
File myFile = new File(myFolder, myFileName);
❑ Ensure the file is readable
myFile.setReadable(true, false);
❑ Set the file in the Beam message as URI in the Beam Activity
nfcAdapter.setBeamPushUris(new Uri[]{Uri.fromFile(myFile)}, this);
4.4. NFC P2P mode with Android
184. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)184
1.Implement the Android NFC smart card reader
❑ Same declarations of NFC feature use and permission in the
manifest
❑ Declare the intent-filter for “android.nfc.action.TECH_DISCOVERED”
at the activity level in the manifest
❑ Insert the IsoDep technology in the technology list file:
<tech>android.nfc.tech.IsoDep</tech>
❑ check of NFC availability and activation
❑ Implement the NfcAdapter and the PendingIntent in the Activity
class
❑ Implement IsoDep class…
4.5. NFC card emulation mode with
Android
185. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)185
1.Implement the Android NFC smart card reader
❑ Implement IsoDep class to send APDU commands and receive
APDU responses
Get the IsoDep object in the “onNewIntent” event:
Tag tag = intent.getParcelableExtra(NfcAdapter.EXTRA_TAG);
// IsoDep implements connection to Tag type 4 (smard card
type)
IsoDep card = IsoDep.get(tag);
Connect to the card:
card.connect();
4.5. NFC card emulation mode with
Android
186. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)186
1.Implement the Android NFC smart card reader
❑ Implement IsoDep class to send APDU commands and receive
APDU responses
Build the APDU command: example of a SELECT AID instruction:
byte[] selectAPDU = {
(byte) 0x00, // CLA Class
(byte) 0xA4, // INS Instruction
(byte) 0x04, // P1 Parameter
(byte) 0x00, // P2 Parameter
(byte) 0x0A, // Lc Length of the data field (AID of the card service)
(byte) 0xF0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, // AID
(byte) 0x00); // Le Length of the expected response (no maximum size)
4.5. NFC card emulation mode with
Android
187. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)187
1.Implement the Android NFC smart card reader
❑ Implement IsoDep class to send APDU commands and receive APDU
responses
Send the APDU command and get the APDU response:
byte[] responseAPDU = card.transceive(selectAPDU);
Check the status word success:
// Command success when SW1 = 0x90 and SW2 = 0x00 (2 last bytes)
if (!(responseAPDU[responseAPDU.length-2] == (byte) 0x90 &&
responseAPDU[responseAPDU.length-1] == (byte) 0x00)) {
// manage status error
}
And disconnect the card:
card.close();
4.5. NFC card emulation mode with
Android
188. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)188
2. Implement the SE internal reader
Since SDK 28 (Android Pie), SIMAlliance OMAPI SEService is part of Android core framework…
❑ OMAPI SEService: OnConnectedListener
import android.app.Activity;
import android.os.Bundle;
import android.se.omapi.*;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
/**
* The Class implementing SE communication
*/
public class SeServiceActivity extends Activity implements SEService.OnConnectedListener {
@Override
public void onConnected() {
//implement the SE communication HERE!
}
4.5. NFC card emulation mode with
Android
189. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)189
2. Implement the SE internal reader
Since SDK 28 (Android Pie), SIMAlliance OMAPI SEService is part of Android core framework…
❑ OMAPI SEService: Executor
private SEService seService;
private ExecutorService executor = Executors.newSingleThreadExecutor();
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
//requires parameters: Contex, Executor, Listener
seService = new SEService(this, executor, this);
}
4.5. NFC card emulation mode with
Android
190. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)190
2. Implement the SE internal reader
Since SDK 28 (Android Pie), SIMAlliance OMAPI SEService is part of Android core framework…
❑ OMAPI SEService: implementation in “onConnected” event
try { Reader[] readers = seService.getReaders();
//is there a SE internal reader found?
if (readers.length < 1){/*Throw an error reader not found*/;}
//check the names of the readers to find the reader you need HERE!
//reader name: SIM1, SIM2, SD1, eSE1…
Session session = readers[//SE reader number].openSession();
//opening the channel with the SE service AID
byte[] aid = new byte[] {/*SE service AID byte arra*/};
Channel channel = session.openBasicChannel(aid);
byte[] commandAPDU = new byte[] {/*your APDU command byte array*/};
//transmit APDU command and receive APDU response
byte[] responseAPDU = channel.transmit(commandAPDU);
//check the status words and process...
//close channel when finished
channel.close();
} catch (Exception e) {/*manage thrown errors…*/}
4.5. NFC card emulation mode with
Android
192. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)192
❑ NFC Card emulation mode involving a separate chip;
the SECURE ELEMENT (SE): SIM-based, eSE or
MicroSD
❑ HCE: Host-based (software) Card Emulation (since
Android KitKat 4.4)
NO SE involved: HCE runs in the host device Operating System
Access to the Android device advanced features and
connectivity
HCE service is a background task (inheriting from Service
Activity) declared I the manifest as any other service
4.6. Android HCE
193. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)193
❑Implement Android HCE
Declare use and permission in the Android manifest
<uses-permission
android:name="android.permission.NFC"
android:required="true" />
<uses-feature
android:name="android.hardware.nfc.hce“
android:required="true" />
4.6. Android HCE
194. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)194
❑ Implement Android HCE
Declare HCE service at the activity level in the Android manifest
<service
android:name=“my.appl.package.MyAPDUService“
android:permission="android.permission.BIND_NFC_SERVICE">
<intent-filter>
<action
android:name="android.nfc.cardemulation.action.HOST_APDU_SERVICE"/>
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
<meta-data
android:name="android.nfc.cardemulation.host_apdu_service"
android:resource="@xml/my_host_metadata"/>
</service>
4.6. Android HCE
195. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)195
❑Implement Android HCE
Describe HCE service in the XML file metadata
➢resxmlmy_host_metadata.xml
<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
android:description="@string/my_service_description"
android:requireDeviceUnlock="false" >
<aid-group
android:category="other"
android:description="@string/my_group_description" >
<aid-filter android:name=“F00000000001" />
<aid-filter android:name="F00000000002" />
...
</aid-group>
</host-apdu-service>
4.6. Android HCE
2 categories:
CATEGORY_PAYMENT
CATEGORY_OTHER
196. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)196
❑Implement Android HCE
Implement the HostApduService task
import android.nfc.cardemulation.HostApduService;
import android.os.Bundle;
public class MyAPDUService extends HostApduService {
@Override
public byte[] processCommandApdu(byte[] commandApdu, Bundle extras) {
//Process APDU command...
return responseApduAsByteArray;
}
}
4.6. Android HCE
197. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)197
❑HCE Pros
No SE and 3rd party required
Easier to implement, faster to deploy
Adapted for Cloud-based solution
Greater freedom of memory: no storage limitation (in the Cloud)
TSM management of HCE and hybrid-based solutions exist…
But the provider can also manage its end-to-end HCE service solution
without going through a third party: low-cost solution (but requires special
attention for security)
Credentials and confidential data outside the phone (in the Cloud,
tokenization…)
4.6. Android HCE
198. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)198
❑HCE Cons
APDUs may be intercepted by a (malicious) software?: http://forum.xda-
developers.com/showpost.php?p=48565612&postcount=1
Additional encryption mechanisms required
Implementation requires specific knowledge (APDU programming, security
and encryption stack…)
NFC service unavailable when device is off
Does not meet GlobalPlatform specifications
4.6. Android HCE
201. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)201
4.7. NFC Android project
202. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)202
❑ Practice work
Imagine your own use case
▪ Design your application
▪ Clone the NFCEXampleCode project
▪ Remove the useless code
▪ Implement your app
▪ Post a link of the video of your app
4.7. NFC Android project
204. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)
Recommended readings
204
▪ Anne-Marie Lesas, Serge Miranda, “The art and science of NFC programming,” WILEY-ISTE,
2017.
▪ Dominique Paret, Xavier Boutonnier, Youssef Houiti, “NFC Principes et applications de la
communication en champ propre,” Dunod, 2012.
▪ Greg Milette, Adam Stroud, “Professional Android Sensor Programming,” Wiley WROX, 2012.
▪ Klaus Finkenzeller, “RFID Handbook,” Wiley, 3rd edition 2010.
▪ Robert R. Sabella, “NFC For Dummies,” WYLEY, 1st edition in 2016.
▪ Syed A. Ahson and Mohammad Ilyas, “Near Field Communication Handbook,” CRC Press, 2012.
▪ Tom Igoe, Don Coleman, Brian Jepson, “Beginning NFC: Near Field Communication with
Arduino, Android & Phone Gap,” O’Relly, 2014.
▪ Tuomo Tuikka & Minna Isomursu, “Touch the future with a smart touch,” VTT research notes,
2009.
▪ Veda Coskun, Kerem Ok, Busra Ozdenizci, “Near Field Communication from Theory to
Practice,” Willey, 2012.
205. Copyright Big Data 2018 Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis
LA CERTIFICATION DU COURS sur
https::www.DATUMACADEMY.COM
COURSE CERTIFICATION
on
https://www.DATUMACADEMY.COM
205
206. Copyright Big Data Pr Serge Miranda, MBDS, Univ de Nice Sophia Antipolis (UCA)206