Architecture

About This Presentation

Title:

Architecture

Description:

Architecture – PowerPoint PPT presentation

Number of Views:1584

Avg rating:3.0/5.0

Slides: 123

Provided by: tdela5

Category:

more less

Transcript and Presenter's Notes

Title: Architecture

1
Architecture Development of NFC Applications
Mobile Java development, Java Card, USIM and
touch-based services

Thomas de Lazzari
Smart-University 2009

2
Presentation

Project Managerat the University of Nicewith
Serge Miranda
Ticket TAP
Campus Nova
NFC Container
NFC Forum competition (WIMA, Monaco)
RD Team in Morocco (mobile money transfer)
Blog http//tdelazzari.blogspot.com

3
Campus Nova

NFC trial with Credit Agricole and mobile payment
at the student cafeteria in Sophia-Antipolis

4
Ticket TAP
mobile is digital, targeted and personal
Receive personalized offers ?
Read and seek valuable offers
Present
Future
5
Partners
6
Objectives

Introduction to NFC, its Ecosystem
Radio Frequency Identification
Contactless cards
Standardization bodies
Roles and Actors
NFC tags
NFC on a SIM card
Smart Cards
NFC services
use cases
Pilots and business aspect
Available devices

7
Objectives (2)

NFC for developers
Dev kits
Reading/Writing tags
APDU
JSR 257 177
Java Card
PC/SC readers JSR-268
Midlet
SCWS
Demo and Examples
Conclusion

8
Mobiquity

MOBIlitY (Mobile)
UbiQUITous (Internet)

One of the major added value for NFC is the
security of third party applications provided by
the SIM card.
9
Google Android
10
ATAWAD

Google is going from web to mobile. This means
you can now create a contact or an entry in your
calendar from your mobile and data is
automatically replicated not on the SIM but on
Google servers (trust and private life is another
debate).
ATAWAD Any Time, Any Where, Any Device
They start from the needs without necessarily
innovate.
They did not create the search engine, they just
improved it.
In 5 years well probably say "they didnt
create the mobile, theyve just improved it."

11
Needs of NFC ?

NFC is not like GPS
The value chain and the different roles are
complex.
NFC strenghts
Smart poster.
Configuration shortcut.
NFC in SIM card
Digital signature.
Secure payment.
Handset manufacturersNokia, Apple, ...must
agreewith MNOs Orange, SFR, ...

12
PART 1
Introduction to NFC, its Ecosystem
13
RFID

RFID Radio Frequency Identification
RFID Tags Store and retrieve data (with a
distant reader)
History radar technology, cow identification
(year 1970).
Use case examples road taxes, trace books in
libraires, access card, shops (Wall-Mart).
RFID tags types
Active
Passive (without battery)

14
RFIDFrequencies

125-135KHz
Round corners
Through most things
No radiation problem
No reflection problem
Cheaper electronics

13.56MHz
1m max range
Doesnt work through metal and fluids

UHF
Long range (up to 10m without battery)

GHz
Long range
High data rate
Smallest

Best compromise for most cards and tickets
CONVEYANCES, VEHICLES, LIBRARY, LAUNDRY, ITEM
LEVEL TAGGING, BANKNOTES, ERROR PREVENTION,
SECURE ACCESS, AIRPORT BAGGAGE
ANIMALS, BEER BERRELS, GAS CYLINDERS, SHOES OF
MARATHON RUNNERS
15
From RFID to NFC

Can communicate with objects
Magnetic field induction
Contactless technology based on RFID 13,56MHz
NFC is standardized ECMA-340 and ISO/IEC 18092
Backward compatibility with ISO14443 and
SmartCard
Millions of readers
Easy to use

16
Contactless Cards

FELICA (sony) encryption keygenerated dynamicaly
at each auth.
Topaz Tag Innovision
MIFARE Standard
512bits UL (no security) used for tickets
Other formats 1K (768 Bytes data), 4K
The 16bits random of MIFARE has been hacked
NXP announced MIFAREplus
MIFARE DESFirepreprogrammed cardExample Oyster
Card in London
Gemalto Mifare 4 Mobile
Contactless Java Card

85 of the access control / Ticketing ISO14443
market is Mifare
17
NFC
NFC FORUM http//www.nfc-forum.org

NFC allows a device to read and write a
contactless card, act like a contactless card and
even connects to another NFC device to exchange
data.
3 modes
Card reading (MIFARE )
Peer to peer (initiator target)
Card emulating
Distance 0 - 20 centimeters
Bandwidth to 424 kbits/s
NFC Forum NDEF specs
N-Mark http//www.nfc-forum.org/resources/N-Mark

18
Standardization bodies

ETSI / SCP (Smart Card Platform) to specify the
interface between the SIM card and the NFC
chipset.
EMVCo for the impacts on the EMV payment
applications.
GSM Association
Mobey Forum for mobile financial services
AFSCM is French association for mobile
contactless
Download specifications here http//afscm.org
Global Platform to specify a multi-application
architecture of the secure element.
Etc.

19
NFC FORUM SPECS
Peer to peer mode
Read/Write mode
Card emulation mode
Applications
LLCP (Logical Link Control Protocol)
RTD (Record Type Definition) NDEF (Data
Exchange Format)
Card Emulation (Smart Card Capability for
Mobile Devices)
RF Layer ISO 18092 ISO 14443 Type A, Type B
FeliCa
20
Smart Poster

Location based services
List of proximity services dependingon Points of
Interest
Trailers
Tickets booking

From SMS push to Smart Poster pull
Specifications NFC Forum releases specification
for NDEF. NFC Data Exchange Format which is a way
to format RFID tags to be compatible with NFC
applications. Works with MIME type.
21
Smart Poster RTD
Action record values
Value Action
0 Do the action (send the SMS, launch the browser, make the telephone call)
1 Save for later (store the SMS in INBOX, put the URI in a bookmark, save the telephone number in contacts)
3 Open for editing (open an SMS in the SMS editor, open the URI in an URI editor, open the telephone number for editing).
For example, the Smart Poster record defines a
URI plus some added metadata about that URI.
MAY SHALL
22
NFC Forum tag typeshttp//www.nfc-forum.org/specs
/

Interoperability between tag providers and NFC
device manufacturers
Type 1, based on ISO14443A. Tags are read and
re-write capable users can configure the tag to
become read-only. Memory availability is 96 bytes
and expandable to 2 Kbytes. Communication speed
is 106 Kbit/s.
Type 2, same as Type 1 except that memory
availability is 48 bytes and expandable to 2
Kbytes.
Type 3 is based on FeliCa. Tags are
pre-configured at manufacture to be either read
and re-writable, or read-only. Memory limit is
1Mbyte per service. Communication speed is 212
Kbit/s or 424 Kbit/s.
Type 4, fully compatible with ISO14443A and B
standards. Tags are pre-configured. Up to 32
Kbytes per service.Communication speed is up to
424 Kbit/s.

23
NFC Roles and actors
Service provider
Application owner
Mobile station holder
POS
NFC
SIM
Trusted Service Manager (MNO or TTP)
OTA NFC Service Management
Contactless service management platform
Card Issuer MNO (SIM Card management system)
SIM Card Manufacturer (Smart Card provider)
24
NFC service provider
NFC service operator
Life cycle management system for mobile NFC
applications
3
NFC applications repository
2
Service profile platform
Profile data
1
cardlets
Customers management database
Webapp
KS FS
Interfaces
TSM
Subscribe a service
SDD management system
KS SSD
Mobile domain
SIM management system
Customers management database
Subscribe a service
Card management system
KS ISD
Customer service
Mobile operator
Network access
Subscribe a service
SIM card
Application
Application data
Final user
GUI
KS FS
25
Use case phone is lost
Service provider

Tells phone has been lost
Tells customer has new SIM card

Service installation request after customer
registration

Mobile operator
TSM

Tells phone has been lost
Tells customer has new SIM card
Services management referral for SP

Ask for token (delegated management)
Ask applet installation via ISD (MNO centric
model)

Customer

Install NFC services

26
Global Platform - security domains
Mandated DAP (applications integrity at plaform
level)
DAP Verification (application integrity by SSD)
Issuer Centric (only ISD management)
Delegated Management (token management)
Authorized Management (dual management)
Low TRUST High
High CONTROL Low
By Gemalto
27
NFC on a Mobile Phoneone thing among all
GPS
Screen with a user interface
Security
Keyboard
Contactless
Loudspeaker and Microphone
TV
Camera
Network
etc.
28
NFC Architecture
29
PART 2
NFC in a SIM Card
30
Smart Card

Piece of plastic the size of a credit card
hosting an electronic circuit that can store and
process information.
The integrated circuit (chip) may contain a
microprocessor capable of processing this
information, or it can only contain non-volatile
memory with a security component (memory card).
Smart cards are mainly used as means of personal
identification (identity card, access badge to
buildings, health insurance card, SIM card) or
payment (credit card, electronic purse) or proof
of subscription to prepaid services (calling
card, ticket).
Contact or Contactless smart card readers are
used as a communications medium between the smart
card and ahost (point of sale).

31
Smart Card used in France for healthcare refunds
(Carte Vitale)
32
Smart Card history

The automated chip card was invented
by German rocket scientist Helmut Gröttrup and
his colleague Jürgen Dethloff.
French inventor Roland Moreno actually patented
his first concept of the memory card.
Michel Ugon from Honeywell Bull invented the
first microprocessor smart card.
Bull patented the SPOM (Self Programmable
One-chip Microcomputer) that defines the
necessary architecture to auto-program the chip.

1968
1974
1977
1978
33
Smart Card until today

The first mass use of the cards was for payment
in French pay phones (Bull CP8).
Smart Card is standardized ISO 7816.
The second use was with the integration of
microchips into all French debit cards.
First Java Cards.
Axalto and Gemplus, at the time the world's no.2
and no.1 smart card manufacturers, merged and
became Gemalto.

1983
1987
1992
1997
2006
34
Smart Card categories
Contact card
Contactless card
Microprocessor card
Memory card
35
The memory card

EEPROM read/write memory (4K max)
Ex Mifare
Advantages
Simple
Cheap
Drawbacks
Security (easy to duplicate)

36
Microprocessor card

Microprocessor used by the application running on
card to calculate operations.
Each card can be personalized and updated after
manufacture (for banks with more than 500 000
customers).
Credentials can be updated while the card is
inserted in a bank automat for example.

Very secure for a reasonable cost
37
Smart Card security

Information stored can be protected by a PIN code
Cryptographic operations
Circuit is shielded
Unique serial number
Software security
Access control to data
Data integrity
IN/OUT firewall

38
Smart Card anatomy

CPU Control Processing Unit
SRAM Static Random Access Memory
ROM Read Only Memory
Static
Store the Operating System
EEPROM Electrically Erasable andProgrammable
Read Only Memory
Persistent
CRYPTO Cryptographic processor
RNG Random NumberGenerator
Used to generate keys

39
Smart Card connectors

A Smart Card has 8 connectors (ISO7816-2)
C1 Vcc
C2 RST
C3 CLK
C4 RFU (Reserved for future use)
C5 GND
C6 Vpp (old EEPROM)
C7 I/O (bi-directional, in half-duplex mode)
C8 RFU (Reserved for future use)

40
Contactless Card

ISO 14443 defines the standard for Contactless
Card.

41
Smart Card applications

Secure a computer
Store internet security certificate
Hard drives can be encrypted using and attached
Smart Card
Used to authenticate a user on the computer (at
login screen)

42
Smart card applications

Payment
Credit card, SIM card, TV Channel card, Access
card
Transports
Electronic purse (coffee machine)
Identification
PKI
Digital signature
Can store biometric data
2009 in Spain and Belgium eID card
2 certificates one used to authenticate and one
toapply the digital signature (real legal value)

43
Pyramid of Authentication Technologies
Higher level of security offered for highly
valued information
User private key is kept in a device such as a
smart card. Biometrics are also used to protect
key.
Users private key is stored on a portable
computer device such as a disk.
User name and password authenticates User PGP
encrypts data.
SSL encrypts data.
44
Part 3
NFC potential, services and devices
45
NFC on iPhone
http//www.nearfield.org/
NFC already on iPhone Stickers, 30-pin RFID
readers, SIM add-on
46
Added value services

Exchange data, P2P
Configuration (bluetooth pairing)
Vending machines, service maintenance
Loyalty, couponing
NFC poster, get information
Ticketing
Medical, home care
Web applications
Payment solution
Access control
Mobile signature
Etc.

47
NFC Use cases
by Nokia
48
Mobile Ticketing

A customer books two tickets for a concert.
He pays and downloads his tickets on his mobile
phone with a simple touch.
He meets with his girlfriend and transfers the
ticket on her mobile.
They arrives and unlock security gates thanks to
their NFC mobile phone.

14 millions RFID tickets were produced by ASK for
Olympic Games in China - http//www.ask-rfid.com

Mobile ticketing will become more popular over
the next few years, with 2.6 billion tickets
worth 87 billion, delivered by 2011
Juniper Research (April 2008)

49
NFC in the World (2009)http//www.nearfieldcommun
icationsworld.com

Japan with Sony FeliCa, NTT DoCoMoNTT Docomo
reports 10 million mobile credit card customers
StoLPaN Store Logistics and Payment with NFC
is a pan-European consortium supported by the
European Commissions Information Society
Technologies program http//www.stolpan.com
Akbank and Turkcell test NFC in Istanbul
Visa launches NFC trial in Brazil
Citi launches NFC trial in India
Telefónica launches O2 Money, says it is ready to
deploy NFC
Nokia Money
41 NFC-related trials and launches in the
Asia-Pacific region so far
etc.

50
NFC in France(2009)

Disneyland Paris to test NFC and contactless
cards from October 2009, with Crédit Mutuel and
CIC banks.
Smart-Park with VINCI Park and Monext.
Paris Metro Paris transport operators to launch
NFC ticketing from the end of 2010. STIF will
coordinate the Paris transport operators (Optile,
RATP and SNCF Transilien) and the participating
telecoms operators (Orange, Bouygues Telecom and
SFR).
Pegasus workgroup multi-operator (Orange,
Bouygues Telecom, SFR), multi-bank (BNP Paribas,
Groupe Crédit Mutuel-CIC, Crédit Agricole,
Société Générale) with MasterCard, Visa Europe
and Gemalto for mobile payment in two cities
Caen and Strasbourg
Nice NFC cityhttp//www.afscm.org/entreprises/ni
ce-ville-nfc

51
NFC gives sense to touch based services
Display
Components of an object hyperlinking scheme
Object
Mobile device
Wireless service provider
Reader
Tag URL
Information on Objects
52
NFC tomorrow

Hard beginning Three years ago, ABI Research
predicted half of mobile phones in the world will
be NFC ready in 2009.
Juniper research, september 2009
NFC Mobile Payments to Exceed 30bn by 2012,
Supported by Revenues from Mobile Coupons and
Smart Posters
June 2009 Top handset manufacturers begin
sampling NXPs PN544 NFC chipThe PN544 NFC
controller is the first fully industry standard
NFC handset chip, offering compliance with the
Single Wire Protocoland with Mifare.

53
NFC tomorrow
In a recent presentation, Sony Ericsson says
mobile NFC will take more than 5 years to become
mass market.
54
NFC keys of success

Reach and availability
The availability of NFC phones and SIM card
Variety of use
Ease of use
See iphone
Security
Be able to lock payment card
Added value services
Advantage for customer ?
Infrastructure
NFC access points in shops

Complex value chain Mobile OTA B2C battle
55
NFC Devices

NFC Phones using single wire Protocol and UICC
(08/2008)
The Sagem my700X
The LG L600V
The Nokia 6131 SWP
The Motorola SLVR L7
All devices are more or less concept devices and
come with an InsideContactless NFC Chip.
In order to develop applications with these
devices a Dev Kit (like the Gemalto Developer
Suite) and a SWP UICC is required. All four
devices are already capable of using SCWS.

56
NOKIA 6212

Java MIDP 2.0
Bluetooth 2.0
2 megapixel camera
3G connection
Share business cards, bookmarks, calendar notes,
images, profiles, and more.
Contactless payment and ticketing capabilities.
Access to mobile services and information with a
simple touch.
Uses Java specification requirement 257 (JSR 257)
for third-party NFC applications.
http//europe.nokia.com/A4991363

Jeremy Belostock on the future of
NFC http//fr.youtube.com/watch?vBoOH7AtCT_E
57
Nokia 6216
normal availability appr. Q1/2010

First SIM-based NFC handset by Nokia
Capable of storing credit card, user account and
other security details on the SIM card,

http//toptunniste.fi/topshop/product_catalog.php?
c72
See video, Jeremy Belostock, NFC, and
operators http//www.youtube.com/watch?v53dhyDPXm
H8
58
Security and memory for RFID tags vs cost
National ID card
Aircraft part tag
Passport label / page
Security and/or memory size
Secure access or credit card
Transit card
Transit ticket
Specification typically ISO 14443 or 15693 (read
distance to 50 cm)
Library book label
Item drug label
Retail pallet / case label
7cents Chip cost 3dollars
59
NFC requirements

Integration at a POS level define an application
protocol
Certification and Mobile signature (Wireless PKI)
Backward compatibility MIFARE type A / type B
Service Providers need interfaces (SOA) with MNO
and TSM
OTA customization for Service Profiles
See AFSCM specifications
Interoperability with different phone OS
manufacturers
Allow different secure chip or flash memory ?
Customer understanding between different
applications such as paypass, electronic purse,
credit card emulation
NFC services such as access control must also
work if Mobile is OFF
See, battery levels and thresholds of mobile
phones
What is the added value if service already exists
Mesure social impact before
Tickets or direct payments

60
Part 4
NFC for developers
61
Developing on a Mobile Phone is
except on iPhone ?
What are the solutions to develop a 3rd
party application on a mobile phone
Different operating systems, browsers, etc.
62
NFC Phone Architecture
OTA

Single Wire Protocol (SWP) architecture SIM SE
is same Java Card.
MIFARE is a storage which enables the phone to
act like a MIFARE card.

Applications
J2ME
OS
From a developer's point of view it does not
matter at all where the SE is located. You will
still code against the GlobalPlatform specs. The
only difference comes with the distribution/lifecy
cle model and since in most cases, the operators
control both the SIM card and the phone, the
difference is largely academical anyway. Of
course, business people may think differently,
but that's their problem. Jalkanen, Nokia
discussion boards
CPU
UICC SIM
Apps
OS
NFC Chip
External env.
NFC antenna
63
NFC and C (with Java Native Interface)

JNI allows to call C code and DLL in Java.
To use JNI, you must follow the following steps
Create a Native method in Java
Once the Java class is compiled, you must
generate a header file with the tool javah h.
Compile the native code using the interface
generated at step 2. Change the methods headers
and params.
For example a String becomes a Jstring.

64
NFC and Java

Java / NFCJava is the key. It allows
technologies to work together Bluetooth,
Video, Music, GPRS,
Problems of JSR not implemented on a mobile phone
Graphical user Interface are not always
compatible screen size, different JVM.
Solution Mobile Distillery ? SVG ? Flash lite ?
SIM Toolkit ? SCWS ? HTML5 ?
Native application security problem, no API,
manufacturer lock Symbian development is heavy.

65
Development Kits

Java IDE such as Eclipse or Netbeans
SDK from manufacturers (Nokia)
Dev Kit from card issuers (Gemalto, Oberthur)
Dev Kit from MNO (Orange)

66
JCOP Tools

JCOP tools need
activation key tools.jcop_at_nxp.com
compatible PC/SC reader
Configure SE keyset to 42ENC, MAC and KEY are
all "404142434445464748494A4B4C4D4E4F

Applet extends javacard.framework.Applet

MIDlet

String uri System.getProperty("internal.se.url")
ISO14443Connection iseConn (ISO14443Connection)
Connector.open(uri)

public void process(APDU apdu) byte
buf apdu.getBuffer() // Ignore
Select instruction. if (bufISO7816.OFFSET
_CLA 0x00 bufISO7816.OFFSET_I
NS (byte)0xA4) return
67
Gemalto Developer suite
68
Gemalto Developer suite
69
Nokia 6212 SDK
Compatible with Netbeans and Eclipse http//www.fo
rum.nokia.com/main/resources/tools_and_sdks/nokia_
6212_nfc_sdk/
70
JSR-257 Contactlesscommunication API

For NFC andInfrared
Optional packagefor J2ME
DiscoveryManagerTarget listener (nomatter the
type)
Connection NDEF ISO14443

71
MIFARE
Security in a MIFARE 1K CARD

Card is composed of 16 sectors with 4 blocks of
16 bytes each.
In each sector a block is reserved to define
access bits. Ex block 7.
A key is initialized to read and write data
blocks.

72
MIFARE Anti-collision
Request
Transaction time

An anti-collision system allows to operate with
many cards in the same magnetic field.
The algorithm selects each card one by one and
ensures that the transaction takes place on the
selected card without data corruption.
MAD (MIFARE Application Directory) is a table
written in first sector and used to identify
which sector is dedicated to a specific
application.

Identification 3ms 1ms / collision
Anti-collision
Card id ?
Select card
Authentication 2ms
Authentication
Read block 2.5 ms Write block 6ms
Read/Write
GSMA tech guide NFC mobile device and reader
shall be less than or equal to 250ms to meet
Service Provider requirements.
73
Receive read-only data from NDEF tag
NDEF push The MIDlet can see that it was launched
by touching a tag, by reading the
DiscoveryManager property LaunchType.
74
Java Card

Java Card MIFARE ProX SmartMXare cards with
microprocessor and OS (for example JCOP).
An Applet is a JAVA CARD application stored
inside the Secure Element.
APDU COMMANDS is a way tocommunicate with Applet
ISO14443Connection and 7816-4APDUS
Security Crypto Processor

75
Java Card description

At the beginning, applications on Smart Card were
all developed proprietary and native.
There was a need to find a generic way to develop
an application that could run on 2 Smart Cards
issued by different companies.
The Java Card technology allows developers to
gather around one way of programming using Java.
And it openned the path to third party
applications.
This technology can also be used to develop on a
SIM card. A SIM card has more memory than other
types of Smart Cards like Credit Card.
Java Card includes
An API (application programming interface) to
define Java libraries that can be used
A virtual machine
Runtime (JCRE) memory and security management
Java Card 2.1.1 SDK provides an environment to
test applets,a tool to upload applets into the
Java Card, and code examples.

76
Smart Card protocols

T0 Byte-level transmission protocol, defined in ISO/IEC 7816-3
T1 Block-level transmission protocol, defined in ISO/IEC 7816-3
APDU transmission via contactless interface, defined in ISO/IEC 14443-4

PTS Protocol Type Sélection
ATR Answer To Reset

77
ISO 7816-4 APDU

APDU Command (C-APDU), sent by reader to the card
Header, 4 Bytes
Class instruction (CLA)
Code instruction (INS)
Parameters P1 et P2
Optional body (random size)
Lc length of body (data) in Bytes
Le length of response to the command (Bytes)
The data field contains data to be sent to the
card, to process instructions specified in
header.

78
APDU command types

4 APDUs commands are possible depending on
whether it expects a response back or if it
contains data.
No data, no required answer
CLA INS P1 P2
Data, no required answer
CLA INS P1 P2 Lc Data
No data, required answer
CLA INS P1 P2 Le
Data, required answer
CLA INS P1 P2 Lc Data Le

79
AID

AID unique identifier for an application or a
certain type of files
First 5 bytes are RID (resource identifier)
Following bytes are PIX (proprietary identifier
extension)

80
Java Card

Select

81
Java Card CAP
A smart card is inserted into a Card Acceptance
Device (CAD) to power on the integrated circuit.
82
Java Card features

Threads
CPU on JavaCard does not support multiple tasks
and you cant use synchronized or
volatile .
Garbage collector
Finalize() not supported
Non-supported types Long, Char, Float, Double
Supported types

83
Java Card features

Java Card support atomic transaction
System.beginTransaction()
System.commitTransaction()
System.abortTransaction()

84
Java Card security

Sandbox In Java, code and application data
(resources) are protected by a sandbox and cant
interfere with other applications.

85
Java Card applet

Lets take the example of a Wallet to see how to
code an applet.
This applet allows the SIM card to act as a real
eletronic purse.
Use cases
The applet can add and substract money to a
balance
Shows the actual balance of the purse
It includes a mechanism to ask for a PIN code for
security purposes

See articles on Sun website http//developers.sun.
com/mobility/javacard/articles/intro/index.html
86
Wallet.java
87
Java Card applet Wallet

Package declaration
Java naming convention
Java Card framework

package com.sun.javacard.samples.wallet
import javacard.framework.
88
Java Card applet Wallet

The Java class must extend Applet. It defines all
the methods to communicate with JCRE.

public class Wallet extends Applet
89
Java Card 2 modes

An applet is unactive until it receives an APDU
command
Card Emulation
Reader Emulation

90
Applet PIN code

In the Wallet source code, the VERIFY method
checks the PIN code. The APDU command contains
the parameter PIN (stored inside the data field).
If PIN code is the same than the one defined
during the installation process, the method
returns true.
PIN_TRY_LIMIT 3

91
CLA and INS

We choose the hexadecimal value 0xB0 to identify
our Wallet.
This value identifies all APDU commands that are
processed by the applet.
It means that the APDU commands debit and credit
all start with the byte CLA 0xB0.

Wallet_CLA (byte)0xB0
92
INS

The 2nd byte of an APDU command identifies the
instruction

final static byte VERIFY (byte) 0x20 final
static byte CREDIT (byte) 0x30 final static
byte DEBIT (byte) 0x40 final static byte
GET_BALANCE (byte) 0x50
93
Other values

Other fixed values of our electronic purse
The variables

// maximum balance final static short MAX_BALANCE
0x7FFF // maximum transaction amount final
static byte MAX_TRANSACTION_AMOUNT 127 //
maximum number of incorrect tries before the //
PIN is blocked final static byte PIN_TRY_LIMIT
(byte)0x03 // maximum size PIN final static
byte MAX_PIN_SIZE (byte)0x08
OwnerPIN pin short balance
94
Applet structure

Constructor
Install
Select
Process
Header analysis (CLA and INS)

public void process(APDU apdu)
95
Send and receive APDUs

setIncomingAndReceive()
setOutgoingAndSend()
Transfer mode
Expected length for the answer
Send bytes in response

byte buffer apdu.getBuffer() short
bytes_left (short) bufferISO.OFFSET_LC short
readCount apdu.setIncomingAndReceive() while
(bytes_left gt 0) //process received data in
buffer bytes_left - readCount //get more
data readCount apdu.receiveBytes
(ISO.OFFSET_CDDATA)
byte apduBuffer apdu.getBuffer() apduBuffer0
byte1 apduBuffer1 byte2 apduBuffer2
byte3 //0-offset, 3-number of bytes to
send apdu.setOutgoingAndSend(0, 3)
96
Get Balance

Retrieve current balance of the electronic purse
CLA 0xB0
INS 0x50 GET BALANCE
P1 0x00 Normal mode
P2 0x00
Data
in none.
out 2 bytes of balance.

97
Credit

Mutual authentication
To send the APDU command, you must first
initialize a secure transaction with the applet
(MAC)
CLA 0xB0
INS 0x30 CREDIT
P1 0x00 Normal mode
P2 0x00
Data - in 2 bytes of value to credit.
- out 2 bytes of updated balance.
- exception ISOException with reason
SW_SECURITY_STATUS_NOT_SATISFIED (0x6982) if
authentication failed.

98
JSR-177 SATSA

JSR-177 Security and Trust Services API for J2ME
Used to communicate with SIM card
Used to encrypt/decrypt/sign data
Example with symmetric algorithm
herehttp//wiki.forum.nokia.com/index.php/Encryp
tion_of_data_using_JSR-177

99
Gemalto examples

APDU commands of GPPurse applet are stored in the
file APDU_Commands.atf that comes with the
project. You can open this file with the Jcard
Manager and execute each command at a time.
Or manually thanks to the option Send APDU in the
menu bar.

100
Gemalto developer suite Instance AID
101
(No Transcript)
102
(No Transcript)
103
Nokia 6131 Secure Element

Secure Element consists of Java Smart Card area
and Mifare 4K area
A specific API provided for Applets to access
Mifare memory
All access is password protected
Password is one-way hashed from Mifare KeyA and
KeyB
JCSystem atomic transaction management
The Secure Element IS NOT a play ground

Protected by Issuer specific secret keys
Protected by transport keys
104
PC/SC readers

SCM reader uses PC/SC driver (Windows)
Other readers Philips Pegoda, Omnikey Cardman,
etc.
The most commonly used smart-card interface is
PC/SC, a middleware layer backed by Microsoft,
and part of the Windows operating system.
JPCSC is a Java-wrapper around the native PC/SC
API. JCOP Tools includes JPCSC and uses it on
Linux and MacOS X. On Windows, JCOP Tools uses
the native PC/SC API directly.
JCOP Tools also includes the JCOP offcard API,
which is a comprehensive smart card API with
special support for Java Card and GlobalPlatform.
That sits on top of native PC/SC, JPCSC, and some
other proprietary card middleware.
OpenCard Framework (OCF), see http//www.opencard.
org(consortium split up).

105
javax.smartcardio
Java 6 introduces Smart Card I/O API defined by
JSR 268.
106
Dev tools and architecture

Devices used - Mobile phone NOKIA 6131 - Tags
MIFARE 1K - Pegoda Reader / Philips - SCM
Contactless Reader
For developers Netbeans, Eclipse, Visual Studio,
etc.
NFC software layers
Graphical User Interface (GUI), implemented in
J2ME (or other).
Controller / Application logic (as much as
possible), implemented on the Java Card / Secure
Element.
Memory of the Mifare element used for storing
data.

107
MIDlet proxy
OTA Server
Phone
Secure Element
MIDlet
Mifare
Applet
OTA provisioning can be done through HTTP / HTTPS
or BIP/TCP. BIP is a new generation protocol
allowing remote SIM management over the air
(remote file management, remote application
management).
108
Physical layer

Steps for astandard NFCcommunication
Open
Poll
Connect
Exchange
Disconnect
Close

109
J2ME Java Midlet

Java Platform Micro Edition Software Development
Kit 3.0
Lightweight UI Toolkit (LWUIT) integration
http//java.sun.com/products/sjwtoolkit/
ProGuard (obfuscator)
Limited storage
A mobile phone application is divided into 2
packages, a descriptor JAD file and a JAR file
containing Java classes.
Thanks to the JAD file, the JAR file is installed
on the mobile phone. Developer can set JAD
attributes to manage permissions, push registry,
etc.
Use a Controller to listen and launch threaded
events
Call to NFC chip
Print new screen
Save data in Record Store

110
J2ME Signature and certificate

Security exception
MIDP permissions
javax.microedition.io.file.FileConnection
javax.microedition.io.Connector

111
SmartCard Web Server

SIM Toolkit successor.
SCWS technology can be installed on new
generation SIM card and allows GUI management
thanks to mobile web browser.
The SIM card is the authorization module for
secure electronic transactions but its the
mobile phone that controls and generates
graphical interfaces. With SCWS, a developer can
implement the full application in one package and
deploy it directly on the SIM card. MMI and
Applets are on the same media. Deployment and
administration of applications are simplified.
For example if the user changes his mobile
phone.
Moreover, generated interfaces are compatible
with most phones but the rendering and user
interaction is not necessarily better.

112
SCWS Demo
113
Example of applications
114
Mobile Signature Service Provider

See Mobile PKI (ETSI).
The MSSP platform is a solution to manage digital
signatures for a MNO.
Two processes
Registration to obtain a certificate and a
private key
Signature to sign data (with private key)

Service Provider
MSSP
Certification authority
Operator
115
Ex eBanking authentication

Customer accesses his bank website thanks to his
login/password.
Bank sends a request for authentication to
Operator (WPKI). This request includes the mobile
number (IMSI International Mobile Subscriber
Identity)
Customer enters PIN code
eBanking service is authorized

Enter PIN code
The application needs to verify your identity

Back
Ok
116
DEMO

Creating a JavaMidlet
Netbeans Mobility pack
Reading a NDEF tag
Uploading an Applet ona Secure Element
Send an APDU command to my applet from the mobile
and from a PC/SC reader.

117
HelloKiosk
118
Conclusion

NFC in handsets without knowing itreally soon
Industry is now convinced
SDK standardization
Easy to use ! Remember iPhone

119
Conclusion
For developers

Use J2ME 3.0
Use JSR 257 or SCWS
Optimize your code
Store your data online
Never trust a MIDlet
Sign your application
Use J2ME Polish or LWUIT to adapt your
application to your target platforms (screen
size)
Use web app for cross-platform development
Use AFSCM specifications for OTA
NFC is not an exchange protocol but
identification

120
Resources

http//discussion.forum.nokia.com/forum/forumdispl
ay.php?f144
http//wiki.forum.nokia.com/index.php/NFC
http//forum.java.sun.com/forum.jspa?forumID23
http//www.nearfieldcommunicationsworld.com
http//www.talknfc.com
http//www.blognfc.com
http//www.nfcnews.com
Writing a Java Card Applethttp//developers.sun.c
om/mobility/javacard/articles/intro/index.html

121
Resources