Tag Archives: secure element

ISIS Mobile Wallet / Google Wallet / iPhone Mobile Payment

Posted on by

Yesterday when I was checking out at the Wholefood Market, I was delightfully surprised by their new NFC-enabled reader. At the top of the screen, it said “Swipe/Tap Your Card/Phone”. According to the excited cashier, I was the first one using my phone to pay.

ISIS Mobile Wallet has been available since November 2013. Jamba Juice was chosen as the main promotion partner; a free drink for payment made with ISIS. Jamba Juice was committed to give away one million drinks. For a while, I was having Jamba Juice every day. What a treat!

James D. White, chairman, president and CEO of Jamba Inc., in a company press release, said “Facilitating 1 million transactions through the mobile wallet over the last seven months confirms that the era mobile commerce has arrived. I am proud that Jamba has been able to serve as a leader in the space”.

I appreciate their leadership for this emerging technology.

There are many discussions about Apple’s potential mobile payment and the possibility of an NFC-enabled iPhone 6. I think it might be helpful to describe two approaches to implement an NFC mobile payment. If you want more technical information, please check out the details in this Android page.

I. SIM based Secure Element (SE):

In order to be able to use ISIS mobile payment, you need to get an ISIS SIM card from your service provider. The SIM card includes a Secure Element (SE) that contains your credentials.

When an NFC Reader is tapped by an NFC device, the NFC Controller routes traffic to the SE for authentication.

This approach is very secure because it is difficult to hack the SIM card.

II. Hosted Card Emulation (HCE):

When you use Google Wallet, you don’t need a specific mobile payment SIM. Google wallet uses HCE.

The NFC card is emulated using HCE. When an NFC Reader is tapped by a device, the data is routed to the host CPU. This approach uses the credentials that are stored in a remote server for authentication.

HCE is considered to be a threat to the SIM-based SE and is adopted in various NFC secure applications.

Now the questions is “When iPhone adopts NFC, which mobile payment approach will it choose?

Source of pictures: developer.andriod.comhttps://developer.android.com/guide/topics/connectivity/nfc/hce.html

HCE is Here to Stay

Posted on by

SIMalliance published a whitepaper last month entitled “Secure Element Deployment & Host Card Emulation”. It stated that, “SIMalliance contends that while HCE is good for the NFC ecosystem as a whole, the technology remains immature, unstandardized and, relative to SE-based deployment, vulnerable to malicious attack.”

In general, an evaluation becomes meaningful when context for it is set. I am glad to see the white paper set the following context: “Given HCE’s current and anticipated limitations, SIMalliance considered HCE to be best utilised in use cases where stringent security requirements, optimal transaction speeds and always- available functionality are not mandatory.”

Secure Element (SE) is a more mature and established technology supported by standards groups (ETSI, 3GPP, GlobPlatform and Java Card). Not only does it provide more security for NFC services, but also it has an established certification process. At the same time, SE embedded in SIM cards are controlled by the telecoms, and SE embedded in devices are controlled by device manufactures. They are not open to developers to use freely. Therefore SIMalliance recommends that, “MNOs should request OEMs to implement default NFC routing to the SE”.

So the questions are how many NFC apps need to have stringent security requirements, and how fast telecoms and device manufacturers can implement default NFC routing to the SE. Telecoms and device manufacturers want to make a profit by controlling SE access. That’s why Google is using HCE to implement Google Wallet thereby bypassing the control. I think HCE is here to stay until all stakeholders decide to work together in allowing NFC technology to develop to its full potential.

ISIS – Not an Option for my Galaxy 3

Posted on by

Yesterday, I was at the AT&T Store to get an ISIS SIM card in order to use ISIS mobile payment. The rep was very excited since this was the first time she has activated an ISIS SIM card. The store manager Chris was next to us assisting her. He was very pleasant and introduced Digital Life products to me while we were waiting for ISIS to work.

After trying two ISIS SIM cards, three reboots of the phone,  four technical support calls and 1.5 hours waiting, my Samsung Galaxy 3 kept on returning with an error message that read “ISIS requires a new SIM card with a Secure Element”.  Tech support was transferred from AT&T to ISIS and the problem remained. So ISIS tech support suggested to transfer back to AT&T tech support. Finally, we decided that ISIS was not going to be an option for my phone.

I looked at the Google Play store and found similar dissatisfied comments made by other consumers. Carriers have some work to do to fix these problems.

ISIS Mobile payment started its trial last fall in Austin and Salt Lake City. It uses NFC technology for data exchange and secure element in the SIM card to save credit card information. Since a SIM card is hard to hack, a SIM based secure element is a more secure solution. Secure element will also be used for storing credentials for building access; for example hotel room locks or office building access.

The transportation market segment is also planning to store credentials to SIM based secure element so that mobile phones can be used to pay transit fare. Since the carriers’ infrastructures are not ready, the transportation market may get impatient and give up on secure element.

I hope the future secure element based NFC applications will work well so that consumers can really enjoy NFC technology and pick up the technology as Asia and Europe have. A good news is that ISIS has introduced ISIS Alliance Program to support the ecosystem. We shall keep an eye on its development.