Host card emulation

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Host card emulation (HCE) is the software architecture that provides exact virtual representation of various electronic identity. access, transit and banking cards using only software. Prior to the HCE architecture, NFC transactions were mainly carried out using secure elements, which were integrated into carrier-issued SIM cards.[1] HCE enables mobile applications running on supported operating systems the ability to offer payment card and access card solutions independent of third parties while leveraging cryptographic processes traditionally used by a hardware based secure elements without the need for a physical secure element. This technology enables the merchants to offer payment cards solutions more easily through mobile closed-loop contactless payment solutions, offers real-time distribution of payment cards and, more tactically, allows for an easy deployment scenario that does not require changes to the software inside payment terminals.

History[edit]

The term "host card emulation" (HCE) was coined in 2012 by Doug Yeager and Ted Fifelski, the founders of SimplyTapp, Inc., describing the ability to open a communication channel between a contactless payments terminal and a remotely hosted secure element containing financial payment card data, allowing financial transactions to be conducted at a point-of-sale terminal.[2] They have implemented this new technology on the Android operating system. At that time, RIM had a similar functionality, calling it "virtual target emulation", which was supposed to be available on the BlackBerry Bold 9900 device through the BB7 operating system. Prior to HCE, card emulation only existed in physical space, meaning that a card could be replicated with multiple-purpose secure element hardware that is typically housed inside the casing of a smart phone.[1]

After the adoption of HCE by Android, Google had hoped that by including HCE in the world's largest mobile operating system (which by that time covered 80% of the market[citation needed]), it would offer the Android payments ecosystem a chance to grow more rapidly while also allowing Google themselves to deploy their Google Wallet more easily across the mobile network operator ecosystem. However, even with the inclusion of HCE in Android 4.4, the banks still needed the major card networks to support HCE. Four months later, at Mobile World Congress 2014, both Visa and MasterCard made public announcements about supporting the HCE technology.[3][4]

On December 18, 2014, less than ten months after Visa and MasterCard announced their support for HCE, Royal Bank of Canada (RBC) became the first North American financial institution to launch a commercial implementation of mobile payments using the HCE technology.[5]

As a result of widespread adoption of HCE, some companies offer modified implementations that usually focus on providing additional security for the HCE's communication channel. One such implementation is termed HCE+.

Impact[edit]

NFC has faced adoption issues due to lack of infrastructure (terminals) and the Secure Element approach preventing organizations with the desire to participate in mobile payments from doing so due to the high up-front capital costs and complex partner relationships.

By supporting HCE in Android 4.4, Google enabled any organization that can benefit from the NFC technology to do so at a relatively low cost.[citation needed] Some areas the new HCE architecture can support include payments, loyalty programs, card access and transit passes.

Implementation[edit]

Host Card Emulation is the ability for Near Field Communication information transfer to happen between a terminal configured to exchange NFC radio information with an NFC card and a mobile device application configured to act or pretend to emulate the functional responses of an NFC card. HCE requires that the NFC protocol be routed to the main operating system of the mobile device instead of being routed to a local hardware-based Secure Element (SE) chip configured to respond only as a card, with no other functionality.[6]

Since the release of Android 4.4, Google has implemented HCE within the Android operating system.[1] Google introduced platform support for secure NFC-based transactions through Host Card Emulation (HCE), for payments, loyalty programs, card access, transit passes, and other custom services.[6] With HCE, any app on an Android 4.4 device can emulate an NFC smart card, letting users tap to initiate transactions with an app of their choice. Apps can also use a new Reader Mode so as to act as readers for HCE cards and other NFC-based transactions.

The first known mobile handset to support anything like HCE outside of the Android family was the Blackberry bold 9900 that was first available in Thailand. released together with Blackberry 7 OS.[7]

CyanogenMod operating system was the next known mobile device operating system to support HCE [7] through the effort of modifying the NXP NFC stack known as libnfc-nxp, the NFC service manager, and operating system APIs by Doug Yeager. The OS APIs were adapted to include two new tag types that were called ISO_PCDA and ISO_PCDB which are also known terminal or PCD standards. This would imply that you could "read" a tag in the same manner that you could read a terminal..

Microsoft has announced new support for HCE for NFC payments in Windows 10. This will allow for improved payment integration flows to enable coexistence of HCE with UICC-based secure elements in Windows 10 and Windows 10 Mobile.[8]

Uses[edit]

HCE is used to allow transactions between mobile devices and other credential acquiring devices. Those devices may include other mobile devices, contactless point-of-sale terminals, transit turnstiles, or a variety of access control touch pads. For example, Android developers can leverage HCE to create specific payment experiences, such as using HCE to enable a mobile application as a transit card.[9]

References[edit]

  1. ^ a b c "Host-based Card Emulation". developer.android.com. Retrieved March 1, 2015. 
  2. ^ "SimplyTapp Proposes Secure Elements in the Cloud". 
  3. ^ "Visa Inc.". Retrieved 2 October 2014. 
  4. ^ "MasterCard to Use Host Card Emulation (HCE) for NFC-Based Mobile Payments". MasterCard Social Newsroom. Retrieved 2 October 2014. 
  5. ^ "RBC First bank in North America with Host Card Emulation". Retrieved 18 December 2014. 
  6. ^ a b "Android KitKat". Android Developers. Google. Retrieved 2 February 2014. 
  7. ^ a b Clark, Sarah. "SimplyTapp proposes secure elements in the cloud". NFC World. Retrieved 2 February 2014. 
  8. ^ "Windows 10 for mobile gets HCE". nfcworld.com. Retrieved 25 March 2015. 
  9. ^ "[HOW-TO][CHICAGO] Ventra using SimplyTapp". XDA Developers.