Secure Element, NFC, HCE, EMV, Tokens and Cards

7 May 2014

This blog is for my non-techie, non payment friends.. helping to make sense of all these acronyms.. experts may want to pass on this one.

The GSMA/NFC community is quite stirred up at the moment. This is quite understandable…  after all they spent 8 years perfecting their vision of NFC only to have it thrown under the bus by Apple and Google. I’m not knowledgeable enough to go into the depths of the protocol, or EMVco 4.3 Book 3. I’m giving the quasi technical business explanation of what is going on. There is room for disagreement here, as there is substantial interpretation, as well as understanding of what is REALLY happening vs the specifications.  Remember this is not my day job… so your comments/corrections are welcome. By far the most useful reference/summary page I have found online is located here

It’s easiest for me to explain all of this in the context of an example. Credit cards are the easiest example as they are in the market today, with a few different implementations of contactless and touch the areas above.EMV


EMVco has a contactless specification which I challenge any non-techie to read. For this short blog, the key point I wanted to make is that the Credit card number (PAN) is given to the POS unencrypted, in the clear. That’s right… don’t believe me? See:

Your next question is probably “Where is the security?” the answer is that that along with the card information, the device sends a cryptogram that is uniquely signed. In other words there is a digital payload that rides along with this credit card primary account number (PAN). This digital payload uniquely identifies the device that EMULATED THE CARD. Think about is as someone validating your SIGNATURE on the document with your social security number on it… Your number is there.. but they make sure it is you by validating the signature.

So why is the SIMAlliance extolling the virtues of a Trusted Execution Environment (TEE) and SIM/UICC? After all we seem to live without this capability quite well in the PC world. Mobile operators want the ability to SIGN and AUTHORIZE more than access to mobile towers. That SIM card in your GSM phone signs and authorizes access to the mobile network, much as MNOs envisioned doing for payments. That is how the GSMA’s version of NFC evolved.. “hey we do this for network access.. lets do it for payments”.  To be clear there is nothing technically wrong with the GSMA NFC approach.. it is beautiful… but there are substantial business model issues (see Payments part of the OS).

Apple and Google are both moving aggressively to act as Commerce Orchestrators as handsets become commodities and data moves to cloud, enabling the mobile phone to be the key services platform at the confluence of the virtual and physical world is critical. It is not about payment. Authentication is core to this orchestration role.. authentication is not something that can be given away to MNOs or to Banks.


It makes most sense to jump to TOKENS now.  You can imagine that Banks don’t exactly like having their card numbers sent in the clear. In fairness they were involved in the specification, but the EMVCo contactless model is essentially a card number plus authentication. There is more than one way to achieve this, and improve on it by hiding  the PAN… this is what tokens are (a few examples described in Money 2020: Tokens and Networks, Apple’s Plans and Google/TXVIA).token

Tokens are not new (see Tokens… 10 Approaches). However Tokens are now an official EMVCo specification as of March 2014, with the major issue of Token Assurance outstanding. In this token model, the issuer chooses at Token Service Provider (or does it themselves) and creates a number to replace the PAN. This takes your PAN out of the open… and makes it useless. To be used the Token must be presented by the right party, with the right assurance information. All of this aligns VERY WELL to how banks and networks work today, which is why it is so popular (see blog on HCE).  In the GSMA NFC model, the a cryptogram goes along with a PAN in the clear with the PAN stored in the phone in a secure element.  In the token/HCE model a Token representing the card is stored in a less secure space, and presented with device and network information for translation by the TSP to the actual PAN. There are substantial Business Implications of Payment Tokens (blog) which I won’t go through again here, but clearly it cuts the mobile operator out of the “signing” role and they become dumb pipes.

My Gemalto friends will howl at how unsecure this is, or how it won’t work if the device has no network access. They are wrong. It is working today, and is secure enough. There is no connectivity requirement, that software token in the phone can change every 10 seconds, 10 minutes or 10 days. The TSP and Issuer can decide whether or not to accept an “old” token based upon the transaction. In other words the intelligence sits IN THE NETWORK.. NOT IN THE PHONE. This is why V/MA/AMEX love it so much. It cements their position (See Perfect Authentication… A Nightmare for Banks?)

Host Card Emulation

emvco token

This is an Android construct (see Software Secure Element – HCE Breaks the MNO NFC Lock) that allows any application to access the NFC Radio. Without Tokens, HCE would be useless for payments, as payment information can’t be securely maintained without an SE.  Think of HCE as dependent on tokens, now a card emulation application can be certified to run outside the secure element.  I don’t like to put Apple in the HCE boat, as they have a proprietary secure architecture using tokens. This is a uniquely apple construct where the networks seem to have certified Apple’s card emulation application(s) as well. It is important to note that they use none of the GSMA’s architecture (to my knowledge) and have embedded the TEE in the apple processor (see Apple Insiders note on Secure Enclave and Authentication in Value Nets).

Secure Element

Is it needed? Certainly it is needed for at least 2 functions: Mobile network access (SIM/UICC) and Biometrics. Fingers and Eyes are very hard to reissue.. so the actual information must be highly protected. Apple is handling biometrics in the A7 Secure Enclave (oddly enough has the same “SE” acronym) and Google is a tad bit behind but handling in ARM’s trustzone. Trust zone is largely a hardware construct, and much is made of Gemalto’s marketing announcement here. My view is that there are many more than on software solution for ARM.. and ARM is much more tied to Google and OEMs than Gemalto.

The “big news” here is that both Google and Apple are EMBEDDING SEs in their hardware architecture. Embedded SEs are a threat to Mobile Operators and their preferred Single Wire Protocol architecture. As you can imagine, an embedded SE has all the capabilities of the SE within that micro-SIM card.. and sets up the prospect for a Virtualized SIM (no more of those GSM cards popping into your phone). If the SIM can be virtualized you can switch your network provider anytime you want.. or have them bid for your phone call ( see Carriers as dumb pipes? , Who do you Trust?, Also see Apples patents on Virtualized SIM). To be clear, I believe MNOs can take a leadership position in Emerging markets and payments, but for POS Payments in OECD 20 markets it makes most sense for them to focus on the $5B KYC/Authentication/Fraud opportunity (NOT payments).

OK… now you can shoot me… Open to feedback.



Apple and NFC

Apple may be running much faster than anyone in the industry knows toward this vision. Perhaps they have already indigenously created this new combined secure element/UICC/BT Radio. I see no need for them to run with this early… But if they did create it in the iPhone 5 they will certainly have the control to govern how it is used.

Apple and NFC..

Nothing really new here for the NFC crowd. No new information..  Purpose is to paint a picture by which investors can make a call.

Most of the issues associated with NFC today are NOT technical.. but rather business: What value can it bring? Who controls it? Who makes the money? How is it shared? For payments… NFC has been a complete bust (with the exception of Asia). Retailers just aren’t excited about the prospect of paying credit card interchange (3.5%) for the privilege of accepting a mobile payment which funds a 12 party supply chain  (necessary to make NFC work).

The WSJ (July 6, 2012) and I both have consistent information that Apple will NOT be rolling out NFC in the iPhone 5. If true, I believe Apple’s exec team is taking a brilliant approach to be a late follower here. Let everyone else pay the freight to educate the customer, and establish a high level retailer POS value proposition (with associated retail infrastructure). Apple is much better positioned to extend the App Store experience into mCommerce.. and control the customer end-end experience. Apple will also likely expand “selectively” into physical commerce areas like ticketing.

To be clear, I’m not positioning that Apple has run away from NFC.. but there has been no success to date and there is no reason for Apple to run into this space. In order to monetize and sort of physical POS solution, Apple must have a business structure that can orchestrate a very complex “physical commerce” value proposition. Keep in mind Apple doesn’t have much of a sales force to cover advertisers AND retailers globally. Rather than “focus” on the POS, or implementing standard NFC chipsets, I see Apple doing something “unique”… What is it?

I was meeting with senior NFC execs this week, and the consensus view is that Apple will likely redefine phone hardware architecture.  Most of you have read about Apple’s recent patent application which would allow the SIM to be logically placed within the SE. Also there are rumors about expanding the capabilities of the Radio and Controller to also cover Bluetooth functionality. The “value” that an integrated hardware solution? Not that much different than what NFC alone is capable of.. but it would greatly reduce footprint, power, time, and perhaps even expand “throughput” (example Accelerating/bypassing BT pairing: NFC is  424kb/s while Bluetooth V2.1 is 2.1 Mbit/s).

Although far from being an expert in this area, my summary view is that Apple recognizes the need for a secure radio and data store in the device that it can control.  A metaphore for an ID.  How do they want to control this ID? Well they certainly need to secure the wallet access (AuthenTec $356M last week, plus rumored IRIS scanning).

This approach is opposed to that of the carriers all of which are working very hard to “standardize” on an NFC architecture (Single Wire Protocol – SWP) that they will control. Apple’s plans are firmly in the opposite direction, and a brilliant business move. Giving carriers the control over this utility would be akin to letting them run an app store that they control.

Apple may be running much faster than anyone in the industry knows toward this vision. Perhaps they have already indigenously created this new combined secure element/UICC/BT Radio. Although I see no need for them to run with this early… But if they did create this capability in the iPhone 5 they will certainly have the control to govern how it is used.

What does this means for investors? Perhaps you start by asking Vivotech’s .. as they just folded up shop after 12 years. A fantastic team with a rock solid product line.. their fault? Betting  NFC would take off sooner.  Given Apple’s unique ability to capture mobile ecosystem profits it is always tough to find areas to nibble.  On the software side, how can new companies help Apple orchestrate value propositions in the physical world? Retail? Ticketing? Healthcare?.. The times.. they are a changin…

ISIS: Antonym of Nimble?

ISIS – The Antonym of Nimble

Last week’s announcement that ISIS is abandoning plans for its own payment network (NFC Times) is not a surprise. This blog has covered ISIS since 2009 (before it had a name). Now we can add ISIS to the great names in mobile payments: PayBox, Obopay, Firethorne, Monitise, Enstream, …

It turns out ISIS was a Desert.. why have they failed?

  • Business Strategy based on “Control” instead of value.
  • Consortiums are not nimble, MNOs are not nimble, and a consortium formed around a poor business strategy will not be able to adapt without a very strong and experienced CEO.
  • Existing networks and ecosystems did not align with (or support) ISIS initial strategy.
  • Building a new network is an expensive undertaking.. building one without a value proposition is impossible

From my perspective the tipping point that killed ISIS was their inability to exert control over the secure element. Their entire business plan was dependent on this. When RIM announced its SE architecture 2 weeks ago, with Apple likely to follow.. it became perfectly clear that ISIS could not control and provision wallets, cards and applications that access the SE (related blog).

Mobile payments are still firmly in the hype stage. Until a real consumer value proposition develops that leverages the handset’s unique assets, consumer’s data, payment, retailer integration in a way where multiple parties can “participate” it will remain a niche. Getting excited about NFC is like getting Satellite radio in your car.. sure it’s cool and all cars will eventually have it, it may even improve your life.. but there are plenty of alternatives and many people have no need of it at all.

That said, there are many useful software products that could use this technology to deliver real consumer value. Most innovations are either targeted to either the top end (cutting edge performance) or to the bottom end (lower cost) of requirements. NFC adoption will take place within multiple solutions targeting the “top end”, each of which has a strong network effect component. Solutions will succeed either by delivering the most value point-point or through network scale. Payments are but one core service that NFC must deliver on.

From my previous Blog

Globally, MNOs are looking for a platform where Operators can benefit from interaction between consumer and merchant, with flexibility to deal with a heterogeneous regulatory environment. The competitive pressures on Visa/MC are much different then they were 5 years ago (when both were bank owned). The network fee structures and rules were written with banks and mature markets in mind. …

All of this leads to the case for a new “Mobile Payments Settlement” network, a network which will alienate many banks. I expect to see Visa roll out the initial stages of this network in the next 2 months with an emphasis on NFC. Quite possibly the best kept secret I have ever seen from a public company. I’m sure many Silicon Valley CEOs are crossing their fingers (with me) on this, as a “new wave” of innovation is certainly close at hand that will drive growth (and valuations).

NFC – Who owns the Secure Element?

How can banks play in NFC? Who Owns the SE? Great paper from the Mobey Forum

19 Jan 2011

I was researching “ownership” scenarios for the secure element in handsets and ran across this excellent analysis… a must read for banks. 

White Paper Alternatives for Banks to offer Secure Mobile Payments

Kudos to the Mobey Forum! Well Done.