White Papers – a combination between a magazine article and a brochure. by Izabela Geisler

WI-FI OFF LOAD WHITE PAPER

TABLE OF CONTENTS 03 EXECUTIVE SUMMARY 04 INTRODUCTION 05 IWLAN 06 EAP 09 OTA OVER WI-FI 10 CONCLUSION 11 ACRONYMS 12 ABOUT OBERTHUR TECHNOLOGIES 12 DISCLAIMER 12 AUTHOR TABLE OF FIGURES: 4

FIGURE 1 – REFRESH SIM CARD OVER

FIGURE 2 – IWLAN BASIC ARCHITECTURE

FIGURE 3 – EAP ARCHITECTURE

FIGURE 4 – EAP AUTHENTICATION

EXECUTIVE SUMMARY Since the introduction of smartphones and tablets, data traffic has exploded on cellular networks. LTE (Long Term Evolution) networks have been deployed to better cope with huge amounts of data. However, this is only a temporary solution that will not prevent a saturation of mobile networks. One solution would be to off load this traffic to a free spectrum system that is Wi-Fi. To do so, Mobile Network Mobile Operators need to connect their cellular network to their Wi-Fi network, this is what we call IWLAN (Interworking Wireless Local Area Networks). This off load traffic must be performed in a smooth and secure way for the end user. EAP authentication to Wi-Fi hot spots through SIM card credentials allows that.

While the mobile device is connected to a Wi-Fi hot spot, its SIM card can be refreshed through OTA over Wi-Fi instead of going through a cellular network. This means:

• The SIM card can still be refreshed when the device is out of cellular network coverage. • Reduced costs if the end user is roaming. Integrating Wi-Fi network on a cellular network and leveraging the SIM card capability for this integration presents lots of advantages that this white paper depicts. Those advantages include: • Data traffic off load from cellular network to a more cost effective network that is Wi-Fi. • The SIM card can be refreshed even if the mobile device is out of coverage thanks to Wi-Fi. • The authentication is secured thanks to the SIM card that leverages cellular credentials. • End user can smoothly authenticate to the Wi-Fi network without any action.

INTRODUCTION Since the introduction of smartphones and tablets, traffic has exploded on cellular networks. Network technologies have evolved to cope with the introduction of several new generations like 3G and now 4G (LTE) networks. As you may have noticed, the more is offered to the end user, the more he consumes. We all had this experience when going from a dial-up connection to DSL. Data consumption has exploded on landlines and the same phenomenon is happening in the cellular world.

Alongside, some mobile operators have deployed Wi-Fi hot spots on a free spectrum. Those hot spots can carry data at a much more efficient cost for operators, from both a CAPEX and an OPEX point of vue. The resulting idea is then to off load this cellular data traffic to the Wi-Fi network that is more cost effective. An interconnection between the cellular and the Wi-Fi networks is required to form the IWLAN. Once this connection is done, in order to smoothly and

Figure 1 - Refresh SIM card over Wi-Fi

securely authenticate users to the Wi-Fi, an application in the SIM card is required. This application is called EAP. Over-The-Air (OTA) can also be performed over Wi-Fi to refresh the data and applications in the SIM card. This white paper decribes those functionalities and their advantages.

IWLAN First let us clarify some vocabulary:

• Wi-Fi stands for Wireless Fidelity. It is a general term used to call 802.11 a/b/g/n. Wi-Fi is a trademark of the Wi-Fi Alliance. • WLAN stands for all 802.11 standards. It includes a/b/d/e/g/h/j/i/n/y. There may be a lot of devices which comply with the IEEE 802.11 standards but may not certified by the Wi-Fi Alliance and hence may not have the "Wi-Fi" logo on them.

To optimise the data transport cost, Mobile Networks Operators (MNOs) need to make the best usage of their assets which are cellular networks and Wi-Fi hot spots. Those assets need to be interconnected. This is the purpose of IWLAN. It interconnects Wi-Fi networks with cellular networks. To understand the concept, here is a simplified figure of the “IWLAN basic architecture”: The two authentication entities on the cellular network and on the WLAN architecture are now interconnected. The authentication entity on the cellular network side can either be

the HLR or the HSS. On the WLAN side, the authentication entity is the AAA (Access, Authentication and Authorisation) server. The interface is called D’/GR/Wx and depends of the HLR/HSS version. Thanks to this interface, the cellular credentials can be reused to authenticate to the Wi-Fi network. The PDG (Packet Data Gateway) performs authentications and authorisations for tunnel requests, but the AAA server is responsible for authentication on the WLAN. This AAA server communicates with the HLR/HSS thanks to the RADIUS or DIAMETER protocols.

CELLULAR NETWORK HLR/HSS

D’GR’/WX

WLAN

PDG

Figure 2 – IWLAN basic architecture

AAA

EAP WHY EAP?

WHAT IS EAP?

Once the Wi-Fi and cellular networks are interconnected, the SIM card credentials can be reused to authenticate to the Wi-Fi networks. This has several advantages for Mobile Network Operators and for end users.

EAP is an authentication protocol suitable for identifying mobile subscribers over IP networks (ADSL and Wi-Fi). EAP is a framework and exists in many different methods:

• EAP-SIM:

• The lack of “Seamless Authentication” to Wi-Fi networks, which is considered as one of the top barriers according to a survey done in 2011 by the Wi-Fi Broadband Alliance. Reusing the credentials of the SIM card enables end users to authenticate to the Wi-Fi layer without using user name/ password or WEP keys for example. No end user action is required for the authentication. • Security to access Mobile Network Operators, which is a key concern. Reusing the security mechanisms and in particular the secure element, which is the SIM card, and the associated keys and algorithms, is definitely the best way. By using EAP-SIM or even a more secure mechanism: EAP-AKA as a preferred option.

using a 2G algorithm

• EAP-AKA: using a 3G algorithm

• EAP-TLS: using device-side and server-side certificates • E AP-TTLS-MSCHAPV2: username & password with certificate on server The EAP-SIM and EAP-AKA SIMBased authentication methods enable mobile operators to use the same credentials for both mobile and Wi-Fi Authentication. Those are the two methods we are going to discuss in this white paper.

EAP PROCESSING

EAP KEYS/ALGO

EAP PROXY

Figure 3 – EAP architecture

EAP ARCHITECTURE EAP functionalities are divided between the card and the terminal. A small EAP proxy resides on the terminal and forwards EAP commands, exchanged between the card and the authenticator. The proxy does not act inside the EAP Commands content.

There are three main components in EAP: • EAP PROXY: responsible for detecting and forwarding EAP requests from the Wi-Fi hot spot to the EAP processing entity. This EAP proxy has to be located in the mobile device.

• EAP PROCESSING: responsible for analysing, processing and packaging the EAP messages sent to the network in order to perform the authentication. This entity can either be located in the mobile device or in the SIM card when EAP-SIM is used, but it can only be located in the SIM card when EAP-AKA is used.

WLAN AAA

PDG

Figure 4 – EAP authentication

• EAP KEYS/ALGO: responsible for the cryptographic processing. It can either reuse the 2G network authentication (SIM) or the 3G network authentication (AKA) algorithms. The EAP messages with the associated credentials are then sent to the AAA server that communicates to the HLR/ HSS with the Radius/Diameter protocols to challenge the credentials with the ones stored in the HLR/HSS.

CELLULAR NETWORK

HLR /HSS

EAP IN THE SIM CARD OR EAP IN THE MOBILE DEVICE?

As we saw in the previous paragraph, it is possible in the EAP-SIM case to implement this functionality in the mobile device, using the 2G SIM application for the Key and the Algorithm. The mobile device can rebuild the EAP messages by sending three times the “run GSM algorithm” request to the SIM card. The whole EAP intelligence resides on the terminal side. The MNOs can ask mobile equipment manufacturers to implement this in their smartphones and tablets. In this case, all EAP IDs are stored in the Terminal.

• There is no straightforward portability. If the end user changes his device, he has to update the EAP settings on his own device or the operator has to use the device management server to download those settings to the mobile phone. • The terminal is personalised by the MNO with EAP settings. If a terminal is chosen out of the MNO’s selected range, the terminal may not work with the MNO’s EAP. Additionally, the MNO will be obliged to use the Device Manager to update the terminal (if possible).

However there are several reasons why this solution is not optimal.

There are definitely several advantages of putting EAP in the card:

• Putting the EAP processing in the mobile device is possible only when the 2G key and algorithms are used (EAP-SIM). If a higher security is required (EAP-AKA), then the only option is to put EAP processing in the SIM card.

• PORTABILITY: All the information related to MNO EAP settings is stored on the card. If the handset is changed and the new one supports EAP, there is no need to update it. • SECURITY: Access to MNO EAP data is protected with the SIM administrative keys (PIN or ADM key). • MNO CONTROL: MNO EAP settings are accessible (for READ or UPDATE) over the air.

OTA OVER WI-FI WHY OTA OVER WI-FI?

SIM CARD IMPACT

OTA campaign success rate is a major issue for Mobile Network Operators as this rate can be really low using the SMS bearer. The introduction of OTA over HTTPs dramatically increases that success rate (Refer to the OTA over HTTPs white paper for more information1).

In order to manage OTA over HTTPs over Wi-Fi, the SIM card needs to have two main functionalities implemented:

However, when the mobile device is out of cellular coverage but under Wi-Fi range, we can even go further by managing the SIM over WIFI, thus improving the success rate. It is also interesting when the subscriber is roaming: all the data consumed to perform OTA is done over Wi-Fi (and not cellular)

OTA over HTTPs is a way to refresh the SIM card thanks to a server and using the http protocol with TLS security mechanism.

• OTA over HTTPs standardised by Global Platform Amendment B to perform OTA over a data network. OTA over CAT-TP is an option but requires the device to be connected to the cellular network in order to receive SMS to open a channel to the OTA server. This is not an optimal option. • The SIM card needs to be able to open a channel over Wi-Fi bearer. Once those two main functionalities are available, OTA over Wi-Fi can be performed to take the best advantage of Mobile Network Operator’s Wi-Fi hot spots.

CONCLUSION Integrating Wi-Fi network into the cellular network and leveraging the SIM card capability for this integration present many advantages.

They include: • Data traffic off load from cellular network to a more cost effective network that is Wi-Fi. • The SIM card can be refreshed event if the mobile device is out of coverage thanks to Wi-Fi. • The authentication is secured thanks to an application in the SIM card that leverages cellular credentials. • The end user can smoothly authenticate to the Wi-Fi network without any action.

ACRONYMS 3GPP 3rd Generation Partnership Project ADSL Asymetric Digital Subscriber Line AAA Access, Authentication and Authorisation BIP Bearer Independent Protocol CAPEX CAPital EXpenditure CAT-TP Card Application Toolkit Transport protocol EAP Extensible Authentication Protocol GP Global Platform GSM Global System for Mobile Communications HTTPS Hypertext Transfer Protocol Secure IP Internet Protocol IWLAN Interworking Wireless Local Area Networks LTE Long Term Evolution MNO Mobile Network Operator OPEX OPerational EXpenditure OTA Over-The-Air PDG Packet Data Gateway SMS Short Message Service SIM Subscriber Identity Module UMTS Universal Mobile Telecommunications System UICC Universal Integrated Circuit Card USIM Universal Subscriber Identity Module WLAN Wireless Local Area Networks WI-FI Wireless fidelity

ABOUT OBERTHUR TECHNOLOGIES OT is a world leader in digital security solutions for the mobility space. OT has always been at the heart of mobility, from the first smart cards to the latest contactless payment technologies which equip millions of smartphones. Present in the Payment, Telecommunications and Identity markets, OT offers end-to-end solutions

in the Smart Transactions, Mobile Financial Services, Machine-to-Machine, Digital Identity and Transport & Access Control fields. OT employs over 6 000 employees worldwide, including 600 R&D people. With more than 50 sales offices across 5 continents and 10 facilities, OT’s international network serves clients in 140 countries.

DISCLAIMER 12 All trademarks and service marks referred to herein, whether registered or not in speciﬁc countries, are the property of their respective owners. Oberthur Technologies Wi-Fi Off Load White Paper is an independent

publication and has not been authorised, sponsored, or otherwise approved by the owners of any trademarks or service marks referred to herein.

AUTHOR Document written by Telecom Business Unit Marketing, including Stéphane Jacquelin.

OTA OVER HTTPs WHITE PAPER

TABLE OF CONTENTS 03 EXECUTIVE SUMMARY 04 INTRODUCTION 05 OTA TECHNOLOGY 06 MARKET DRIVERS AND CHALLENGES 08 OTA OVER HTTPs 10 COMPARING OTA TECHNOLOGIES 11 CONCLUSION 11 ACRONYMS 12 ABOUT OBERTHUR TECHNOLOGIES 12 DISCLAIMER 12 AUTHOR TABLE OF FIGURES: 06

FIGURE 1 – LTE DEPLOYMENTS EXAMPLE

FIGURE 2 – OTA MANAGEMENT AT THE CENTRE OF MANY USE CASES

08 08 09

FIGURE 3 – GP2.2 AMENDMENT B HIGH LEVEL VIEW FIGURE 4 – OTA OVER HTTPs IN OTA PLATFORM FIGURE 5 – PUSH AND PULL

EXECUTIVE SUMMARY OTA over HTTPs has several advantages compared to the classical OTA over SMS management. It enables operators to download onto a UICC large files or applications at a much higher speed. OTA over HTTPs enables as well to dramatically increase OTA campaigns success rate thanks to Push/ Pull/Poll functionalities.

OTA over HTTPs is particularly relevant when migrating towards LTE networks, which are all IP networks, and where SMS is not necessarily available. It also benefits value-added services (mobile money, QoS monitoring, NFC,â&#x20AC;Ś) deployments that require larger contents to be downloaded OTA onto UICC already in the field.

INTRODUCTION The UICC is the most secure element used to enable authentication with legacy and new generation networks: GSM, CDMA, 3G and now LTE. The UICC stores various sensitive data, security parameters and network settings allowing accurate and secure access to mobile networks and services. UICC is also a hosting platform for many mobile operators’ centric applications as well as end users value added services.

For many years, UICC has been managed by OTA servers running over the SMS bearer. This is really an efficient way to handle OTA since SMS is available in all 3GPP networks, and large files or applications have been unusual on the UICC. However things are changing: • The migration towards LTE networks, which are all IP networks, and where SMS in not necessarily available. • Value-added services (mobile money, QoS monitoring, NFC,…) are requiring larger contents (files and applications) to be downloaded OTA onto UICC already in the field. Therefore there is a need in the market for an evolution of the OTA management of the UICC towards a more efficient technology/bearer.

The current major OTA enhancement is OTA over HTTPs: Universal Integrated Circuit Card (UICC) content management Over The Air (OTA) with the Hypertext Transfer Protocol Secure (HTTPs) protocol. You may have heard also about HTTP OTA, GP 2.2 Amendment B or even OTA via HTTP(s). Those acronyms all refer to the same way to remotely manage from a server the UICC content thanks to the well-known internet protocol HTTP over an Internet Protocol (IP) bearer and secured by the Transport Layer Security (TLS), hence the “s” at the end of HTTPs. This way to handle the OTA management of UICC has been standardised by the Global Platform Amendment B version 2.2 (GP 2.2 Amendment B). In this paper we are going to describe OTA over HTTPs, the reason why it is being introduced and the advantages compared to legacy technologies.

OTA TECHNOLOGY The Over-The-Air (OTA) technology allows mobile operators to securely manage content and services of UICC after their issuance. Many operators use the OTA platform to update subscription information such as network name and service numbers, SMSC addresses, preferred roaming lists; or to load applications into the UICC to offer their subscribersâ&#x20AC;&#x2122; value added services such as mobile banking or NFC services.

Currently, SMS is the most dominant communication channel used by OTA platforms. The OTA technology is now evolving from the traditional SMS system to an advanced IP system leveraging the capabilities offered by LTE networks - full IP mobile infrastructures and high speed connections. This evolution has already started with the arrival of OTA over HTTPs and will go further with the wide deployment of handsets communicating with UICC through the USB interface, creating an end-to-end IP based OTA systems.

MARKET DRIVERS AND CHALLENGES IMS

OTHER APPLICATIONS

FEMTO CELL

6 The performance of legacy OTA services is affected by several SMS constraints: • When performing an OTA campaign, millions of short messages are sent to all targeted subscribers even if they are unreachable. • If the OTA operation fails, the SMS might be resent again to insure a maximum success rate. This creates a large SMS traffic that might load the signalling network and generate transmission failures. Hence, mobile operators need a better and more reliable bearer to deliver OTA services. CAT-TP has been an attempt to solve some of the SMS challenges. However there are some drawbacks: • CAT-TP has been standardised quite some time ago, but has not yet been widely deployed so far. Only a few operators are using this solution in the NFC context, or to synchronise address books.

Figure 1 – LTE deployments example

• There is no mutual authentication leading to some security holes. • Its use of User Datagram Protocol (UDP) as transport protocol leads to some unnecessary retransmissions. Besides, the adoption of LTE network is happening now. The LTE network is the IP-based mobile access technology. This standard was designed to help operators supporting the explosion of connected devices and the huge data traffic generated by data hungry subscribers. LTE also opens the door for new applications and richer connectivity experience thanks to its higher data speed and enhanced quality of service. LTE reinforces the role of UICC. UICC is still the secure key to authenticate and authorize access to these new generation networks. All operators moving to LTE have adopted the UICC-based model by using the USIM application to access LTE networks. CDMA operators are also moving to LTE and hence are adopting UICC and its OTA management infrastructure.

Several categories of operators need to be distinguished in terms of available options to reach OTA the LTE UICC: • For operators adding LTE to their existing 2G/3G network, their device and UICC can be reached either using Circuit Switched Fall Back or with an implementation of IP Multimedia Subsystem. • With Circuit Switched Fall Back functionality when a subscriber receives a phone call or wants to make a phone call, he is then pushed down to the 2G or 3G layer and is no longer attached to the LTE layer. With this functionality SMS can be received over LTE. • With IMS, SMS over IMS can possibly be used for OTA. This solution may lead to issues when roaming on LTE networks that do not support IMS. This solution has not been deployed so far for OTA. • New green field LTE operators only offer IP/data-only services, with no legacy Voice and SMS infrastructure.

SERVICES MANAGEMENT DYNAMIC ACTIVATION

NFC OTA MANAGEMENT SUBSCRIPTION MANAGER

SMART ROAMING

M2M

Figure 2 – OTA Management at the centre of many use cases

Additionally, more and more operators need an OTA platform with a high level of reliability and efficiency. The OTA platform should at this stage be capable of managing content-challenging applications and mission critical use cases: • Personalisation and loading of largesize NFC applications.

• Update of complex and long roaming lists (preferred networks files) increased by the growing number of roaming agreements and new network licences acquisition. • Subscription lifecycle management in terms of Partial profile configuration or full profile download for handsets, Consumer Connected Equipment and M2M devices at time of service activation or when swapping the operator.

OTA platform leveraging the LTE advances and its fully-fledged IP infrastructure helps mobile operators get the most of their LTE investment while also solving SMS limitations.

OTA OVER HTTPs transmission as it checks whether data is received correctly by the UICC, avoiding a retransmission at the application level.

internet protocol HTTP and secured by the Transport Layer Security (TLS). The Transmission Control Protocol (TCP) is used for the Transport layer. TCP protocol provides a reliable

Global Platform 2.2 Amendment B specifications, commonly called OTA over HTTPs, standardised the way an OTA platform manages updates of UICC thanks to the well-known

HTTP/PSK-TLS FOR SECURITY

TCP/BIP TCP/IP

OR TCP/IP

Figure 3 – GP2.2 Amendment B high level view

8 Unlike with SMS bearer which implies the server pushes the OTA operation to the targeted UICC, the UICC here acts as an HTTP client and is responsible for initiating a connection with an OTA server in order to start an OTA operation. The OTA platform acts as an HTTP server.

PROVISIONING SYSTEM EXTERNAL INTERFACES FUNCTIONAL MODULES NETWORK GATEWAYS

The HTTP connection is always started from the UICC and can be triggered either. • By an external event using a SMS (push message) sent by the OTA server, i.e. OTA Push mode. • Internal events using an applet in the card to initiate OTA operation with internal triggers: at handset power-on, after a periodic time interval (polling)

NFC PLATFORM (TSM)

ROAMING PLATFORM

Web Interface (MMI)

SECURE APPLICATION SUITE

API

Provisioning

OTA Management

OTA SMS

2G/3G

or by the subscriber itself through a configurable STK menu (pulling), i.e OTA Pull/Poll mode. All these triggers can be configured to be activated only when the device is connected to the LTE network, if the need is to load a large content into the UICC, or even to be deactivated when roaming.

HTTP PUSH

OTA IP

PULL

Figure 4 – OTA over HTTPs in OTA platform

Platform Management OTI PoS

LTE

In the GP2.2 Amendment B specification, the IP address of the OTA server can be: • sent via SMS in Push mode • passed by the applet in Pull mode • or potentially stored in cache within the UICC.

When this white paper was written there was no standard defining a DNS resolution for an OTA server IP address within the UICC. Knowing that IP address plans are constantly evolving in IP networks and OTA platforms might not be attached indefinitely to the same IP address, a DNS IP addresses resolution of OTA servers in the UICC is required. The administration agent of the UICC needs to be able to interrogate a DNS server to retrieve the server’s IP address.

This DNS resolver feature has been adopted by several MNOs deploying or actually using OTA over HTTPs. This mechanism offers a better flexibility and it becomes easier to change the network configuration and capacity. The evolved OTA platform is now implementing the OTA over HTTPs using the push and pull/poll delivery modes, this new capacity allows mobile operators to address the previously mentioned new challenges.

PUSH

OTA PLATFORM

Standard SMS to open HTTP administration session

PULL

Initiated by polling applet triggered by configurable rules: Device switch on, regular basis, user action

SD HTTP

OTA POLLING APPLET

Figure 5 – Push and Pull

Trigger Event Device Switch on, STK Event...

COMPARING OTA TECHNOLOGIES The use of OTA over HTTPs brings several advantages to the mobile operators;

OTA EFFICIENCY AND NETWORK RESOURCE OPTIMISATION It reduces significantly the costs of updating UICC OTA. For a mobile operator that regularly sends OTA updates to the deployed cards, using OTA over HTTPs, the card checks if an update is waiting on the server. It directly connects to retrieve the available operations avoiding resourceconsuming attempts to connect to unreachable cards.

INCREASED OTA PERFORMANCE (CAPACITY AND RELIABILITY) ENHANCING CRITICAL USE CASES

The amount of short messages required to transmit several commands or to load large-file applications is reduced. When using the pull/poll delivery modes, the SMS is even not needed. It is now possible to download more data into UICC in a more efficient way, enabling new exciting use cases and applications that were not possible before. NFC solutions can benefit as well from this new OTA bearer allowing a high speed download and personalisation of NFC applications.

Also, the UICC provisioning at the time of subscription activation becomes easier, ie to download the data needed to customise the UICC (preferred roaming list, applications or network parametersâ&#x20AC;Ś) or to download the full subscription profile in the case of MNO swap.

MAXIMISED SUCCESS RATE FOR OTA CAMPAIGNS There is no more need to send a large amount of short messages and consume valuable network resources trying to address unreachable subscribers. The OTA updates are sent only to the cards that are connected to the network.

ENHANCED REACH FOR DATA ONLY DEVICES AND NETWORKS OTA over HTTPs in pull/poll modes offers a simple solution for data-only mobile network operators to update their cards: the new IP bearer can be used to deliver OTA updates in this particular environment. It is also a solution to reach UICC in LTE data-only devices such us dongles or tablets.

CONCLUSION OTA over HTTPs is now gaining some momentum with MNOs moving to LTE and the need to manage large-size content and critical use cases. OTA over HTTPs introduces a more reliable and efficient way of managing UICC

compared to legacy OTA technologies, with a dramatic improvement of OTA campaigns success rate, the ability to download efficiently large files onto the UICC, and better OTA delivery performance.

ACRONYMS 11 3GPP 3rd Generation Partnership Project API Applications Interfaces BIP Bearer Independent Protocol CAT-TP Card Application Toolkit Transport protocol CSIM CDMA Subscriber Identity Module GP Global Platform GSM Global System for Mobile Communications HTTPS Hypertext Transfer Protocol Secure IMS IP Multimedia Subsystem ISIM IMS Subscriber Identity Module IP Internet Protocol LTE Long Term Evolution M2M Machine-to-Machine MNO Mobile Network Operator NFC Near Field Communication OTA Over-The-Air SMS Short Message Service SIM Subscriber Identity Module TCP Transmission Control Protocol TLS Transport Layer Security UDP User Datagram Protocol UMTS Universal Mobile Telecommunications System UICC Universal Integrated Circuit Card USIM Universal Subscriber Identity Module

publication and has not been authorised, sponsored, or otherwise approved by the owners of any trademarks or service marks referred to herein.

AUTHOR Document written by Telecom Business Unit Marketing, including Stéphane Jacquelin.

TRANSPORT TICKETING TECHNOLOGIES FOR NFC SIM WHITE PAPER

TABLE OF CONTENTS 03 EXECUTIVE SUMMARY 04 FROM PAPER TICKETS TO PLASTIC TRANSPORT CARDS AND MORE 05 DIFFERENT TECHNOLOGIES AROUND THE WORLD 07 OVERVIEW OF DIFFERENT TECHNOLOGIES: 08

• MIFARE™

- MIFARE™ CLASSIC

- MIFARE DESFIRE™

• CALYPSO™

• CIPURSE™

• OTHERS : FELICA® & EMV

14 TRANSPORTS CARDS ON MOBILE PHONES 16 EXAMPLE OF MIFARE4MOBILE 17 CONCLUSION 19 ACRONYMS 20 ABOUT OBERTHUR TECHNOLOGIES 20 DISCLAIMER 20 AUTHOR

EXECUTIVE SUMMARY Public transport authorities have been the industry promoting and driving the adoption of contactless cards. Their needs for secure, affordable and fast transport ticketing were fulfilled by this new technology. Near Field Communication (NFC) on mobile phones brings new added value features while keeping the compatibility with the existing infrastructures. Indeed, transport integrators do not need to upgrade or change existing equipments as NFC is 100% compatible with existing contactless cards. However, in addition to existing use cases, smart phones allow additional multimedia features and new possibilities for the users and for transport authorities.

• Enhancement of the user experience through a user friendly interface using wallet applications. • Possibility of Over-The-Air (OTA) capability for transport authorities to dynamically update data stored on the secure element : rights management, top-up, etc ... • New services with: real time information, access to public services, bike or car rental. These new appealing services also mean improvement of the SIM. It must remain secure and affordable while enhancing its core specifications to support those new requirements. The deployment of those high-end SIMs for all kind of usages especially in transport will ensure large adoption of NFC technology by the consumers.

FROM PAPER TICKETS TO PLASTIC TRANSPORT CARDS AND MORE… FOR MANY YEARS, COMMUTERS WHO USED PUBLIC TRANSPORTATION TO GO TO WORK, OR TOURISTS WHO VISITED A CITY, HAD TO BUY PAPER TICKETS. WHEN YOU THINK OF IT, PAPER TICKETS ARE EXPENSIVE TO PRODUCE, NOT VERY ECO-FRIENDLY AND ONLY USEABLE ONCE. MOREOVER, SOMETIMES, BUS AND METRO TICKETS ARE DIFFERENT AND NEED TO BE PURCHASED SEPARATELY AND THAT IS WHY FOR ONE TRIP, YOU MAY FIND YOURSELF WITH SEVERAL DIFFERENT TICKETS.

Wee ickets Zonk Pass Day e 3 Zon Pass

4 In 1994, Mikron (which was acquired by Philips in 1998) engineers invented and launched a technology that allowed passengers to use a plastic transport card instead of paper tickets. The idea was simple. To hop on a bus or take a train, the user just had to put his card over an electronic reader to be given full access, provided he had enough credit of course. The technology embodied in the card and the reader (also referred to as a Proximity Coupling Device) was called MIFARE. The first NFC transport card was used in Seoul in 1996. Since then, many cities have adopted transport cards using the MIFARE technology. Thanks to their reliability and low cost, those types of cards are now also used for electronic wallet, access control, corporate ID cards, or stadium ticketing, and many people now carry a full collection of MIFARE cards. One for transport, one for their office coffee machine, one for their favourite fast food, etc… And each card of course can only be used for a specific action in a specific place.

The solution to solve this little inconvenience would be to gather several applications on a single card; an application for transport, another one for the coffee machine, and so on. But rather than using a plastic card, why not load all those different applications onto something that nearly everybody has… a mobile phone. At the end of 2010, NXP started to sign licensing agreements for adding MIFARE technology to UICC cards. And this is why now, people can use public transportation or go shopping just with their own phone. Since then, even though MIFARETM from NXP historically dominates the market, other companies have introduced their own technology. Calypso™ from CNA which is used throughout France, Italy, Portugal, Belgium, Canada, Mexico, Israel, Latvia, Morocco. FeliCa® from Sony in Japan & Hong Kong. Other recent initiatives for market interoperability can also be mentioned such as CIPURSE™ from OSPT.

DIFFERENT TECHNOLOGIES AROUND THE WORLD

MAIN TECHNOLOGIES

MIFARE™ Classic

MIFARE DESFire™

Calypso™

FeliCa

CARDS IN CIRCULATION

More than 700 millions

More than 100 millions

More than 110 millions

More than 30 millions

THE MAIN MARKET PLAYERS TRANSPORT OPERATORS (TOs) They operate the transit network whose services are purchased by the transit authorities. The TOs will deliver services to the citizens by managing vehicle fleets, human resources and an ITS infrastructure. Eg: RATP in Paris, TFL in London.

SYSTEM INTEGRATORS They deliver and maintain an AFC (Automatic Fare Collection) system. Eg: Cubic, Thales, Xerox, VIX, INDRA and local companies.

TRANSPORT AUTHORITIES They define how the transport network of a city, suburban area or region, will be designed in terms of transit network and services in order to optimise the quality of services delivered to the citizens. Eg: STIF for Paris, LTA in Singapore or CRTM in Madrid.

OVERVIEW OF DIFFERENT TECHNOLOGIES MIFARE™ THE MIFARE SOLUTION

HOW MIFARE IS USED

MIFARE FOR ACCESS CONTROL

was developed to manage ticketing transactions for public transportation systems. Although contact smart cards are appropriate, contactless readers are faster and more convenient to use for two main reasons: there is virtually no maintenance on the readers, and no wear and tear on the cards.

In an AFC system, the user gets his card by going to a distribution network which includes sale agencies, retail shops, ticketing vending machines or a web site. Following the fare system, he will (re)load an amount of money in his “store value” or purchase ticket (single journey, 10 journeys ticket, season ticket ...).

In addition to payment transactions for public transportation systems, MIFARE is also frequently used for access control applications due to its ability to store multiple applications on one card. A MIFARE card could be used as an access card, cafeteria debit card, an ID card, a parking fee card, a library or equipment checkout card, or even a vending machine debit card. It could also store biometric templates to be verified by biometric readers.

MIFARE technology is owned by NXP. The company does not manufacture any cards or readers, but it makes and sells the card and reader chips.

By presenting his card to a contactless reader, the fare is debited from the store value and an action is performed in the card based on the business rule defined by the transit authority.

7 TECHNICAL ASPECTS The technology is embodied in both cards and readers (also referred to as a Proximity Coupling Device which is suitable to use). The MIFARE name (derived from the term MIkron FARE Collection System) covers seven different kinds of contactless cards.

HERE ARE THE MOST COMMON ONES MIFARE Classic is based on a proprietary protocol compliant to parts (but not all) of ISO/IEC 14443-3 Type A, with a proprietary security protocol for authentication and ciphering.

MIFARE DESFire is a technology embedded in smart cards that complies with ISO/IEC 14443-4 Type A with a mask-ROM operating system from NXP. MIFARE DESFire EV1 includes AES encryption.

MIFARE™ CLASSIC The MIFARE Classic card is fundamentally just a memory storage device, where the memory is divided into segments and blocks with simple security mechanisms for access control. They are ASIC-based and have limited computational power. Thanks to their reliability and affordable cost, those cards are widely used for electronic wallet, access control, corporate ID cards, transportation or stadium ticketing.

The MIFARE Classic 1K offers 1024 bytes of data storage, split into 16 sectors; each sector is protected by two different keys, called A and B. Each key can be programmed to allow operations such as reading, writing, increasing value blocks, etc. MIFARE Classic 4K offers 4096 bytes. For security purposes, those cards embed a proprietary security protocol (Crypto-1) for authentication and ciphering.

8 MIFARE DESFIRE™ MIFARE DESFire EV0 was introduced in 2002 with more hardware and software security features than MIFARE Classic. It comes pre-programmed with the general purpose MIFARE DESFire operating system which offers a simple directory structure and files. MIFARE DESFire uses 3DES or AES encryption algorithms and is available with either 2k, 4k or 8k of storage. The maximal read/write distance between card and reader is 10 cm (3.9 in), but actual distance depends on the field power generated by the reader and its antenna size.

In 2008, NXP introduced an evolution of this technology with MIFARE EV1. This evolution brought not only functional features but especially security enhancements :

• Support for random ID • Support for 128-bit AES • Hardware and Operating System is Common Criteria certified at level EAL 4+ A few years after this release, researchers of Ruhr University Bochum announced that they had broken the security of MIFARE DESFire EV0 which was already discontinued.

CALYPSO™ Calypso was born in 1993 and is an international electronic ticketing standard for microprocessor contactless smartcards, originally designed by a group of European transit operators from Belgium, Germany, France, Italy and Portugal. It ensures multi-sources of compatible products, and allows for interoperability between several transport operators in the same area. Most European transit operators from Belgium, Germany, France, Italy and Portugal eventually joined the group in the following years. The first use of the technology was in 1996. The European standard for ticketing data has also been contributed by the actors of Calypso. After a few years of trials, the system has been generalised in the early 2000s in major European cities such as Lisbon, Paris, Venice, later followed by Milan, Porto, Marseille, Lyon, Turin, and many smaller cities. Calypso is extended now in other countries such as Belgium, Israel, Canada, Mexico or Colombia.

TECHNICAL ASPECTS Calypso technology can be used either on contact or contactless cards and is based on two main technologies:

• The microprocessor smartcard, widely used in many monetary transactions;

• The contactless interface (improperly called RFID) ensuring both remote powering and communication between the reader and the card.

A Calypso card, whatever its form (card, watch, mobile phone or other NFC object...) has a microprocessor which contains all the information related to its owner rights for the application, and which implements the Calypso authentication scheme for security. This makes a difference with other e-ticketing system, such as London's Oyster card, where the card is only a memory chip with no processing capabilities. Calypso uses up-to-date contactless technology to ensure a complete transaction in less than 200 ms. All ticketing transactions are run through a secure session that guarantees the integrity of the data written onto the card, even if the card is withdrawn too quickly. The anti-tearing function leaves the card in a safe state if the communication link is broken between the terminal and the card. To avoid possible fraud or forgery, the secure session ensures that the card, the terminal, and the data are genuine, thanks to mutual authentication. Calypso’s high level of security is reached using microprocessor cards, Security Modules on terminals, and proven fast symmetric cryptographic algorithms using hardware accelerators (DESX, TDES). The card, the terminal and all data exchanged between them are authenticated. These operations are carried out with a high-speed algorithm resulting in the shortest possible transaction time.

CIPURSE™ The CIPURSE open security standard was established by the Open Standard for Public Transportation (OSPT) Alliance to address the needs of local and regional transit authorities for automatic fare collection systems based on smart card technologies and advanced security measures. Products developed in conformance with the CIPURSE standard are intended to:

• include advanced security technology, • support multiple applications, • help enable compatibility with legacy systems,

• be available in a variety of form factors. The open CIPURSE standard is intended to:

• promote vendor neutrality, • enable cross-vendor system interoperability,

• reduce the risk of adopting new technology,

• improve market responsiveness. All of these factors are intended to reduce operating costs and increase flexibility for transport system operators. In the past, public transport systems were often implemented using standalone, proprietary fare collection systems. In such cases, each fare collection system employed unique fare media (such as its own style of ticket printed on card) and data management systems.

Because fare collection systems did not interoperate with each other, payment schemes and tokens varied widely between local and regional systems, and new systems were often costly to develop and maintain. Transport systems are migrating to microcontroller-based fare collection systems. These are converging with similar applications and technologies, such as branded credit-debit payment cards, micropayments, multi-application cards, and Near Field Communication (NFC) mobile phones and devices. These schemes will enable passengers to use transit tokens seamlessly across multiple transit systems. These new applications demand higher levels of security than most existing schemes that they will replace. The OSPT Alliance defined the CIPURSE standard to provide an open platform for securing both new and legacy transit fare collection applications. Systems using the CIPURSE open security standard address public transport services, collection of transport fares, and transactions related to micropayments. The transition to an open standard platform creates opportunities to adopt open standards for important parts of the fare collection system, including data management, the media interface and security. An open standard for developing secure transit fare collection solutions could make systems more cost-effective, secure, flexible, scalable and extensible.

TECHNICAL ASPECTS CIPURSE builds upon existing, proven, open standards - the ISO 7816 smart card standard, as well as the 128-bit advanced encryption standard (AES128) and the ISO/IEC 14443-4 protocol layer - and its advanced security concept can be implemented in low-cost silicon. Its advanced authentication scheme is resistant to most of today’s electronic attacks. Its advanced security mechanisms include a unique cryptographic protocol that encourages fast and efficient implementations with robust, inherent protection against differential power analysis (DPA) and differential fault analysis (DFA) attacks. Because the protocol is inherently resistant to these kinds of attacks and does not require dedicated hardware measures, it eliminates the need by card and chipmakers for a massive overhead of software and hardware countermeasures against these attacks. This unique advantage makes it possible to cost-efficiently guard against counterfeiting, cloning, eavesdropping, man-in-the-middle

attacks and other security risks that threaten the integrity of transit fare collection systems. The CIPURSE standard also provides a security concept and guidelines, providing an implementation “cookbook” for transit agencies, system integrators and others to develop the overall system security design. Because of its advanced authentication and secure messaging protocol, as well as its independent ISO 7816 command set, the CIPURSE standard can address a variety of different applications. From products such as simple low-end memory chip cards, to stand-alone smart cards up to multi-application cards and NFC mobile phones, the CIPURSE standard’s flexibility and interoperability makes it unique for public transport. Furthermore, addressing and expanding the low-end market of single trip or limited use tickets is easy. This scalability across transit fare form factors, support for emerging NFC mobile phones and other devices and multi-vendor support sets the stage for a truly future-proof solution.

OTHER TECHNOLOGIES EVEN THOUGH MIFARE AND CALYPSO ARE THE MOST COMMON TECHNOLOGIES, OTHER TECHNOLOGIES HAVE BEEN DEPLOYED OVER LOCAL MARKETS ON A SMALLER SCALE, SUCH AS FOR EXAMPLE FELICA OR EMV.

FELICA™ The name stands for Felicity Card. First utilised in the Octopus card system in Hong Kong and across Japan.

FeliCa is a contactless RFID smart card system, owned by Sony and NTT Docomo in Japan. Primarily used in electronic money cards.

12 EMV™ EMV is a specification for secure contact and contactless transactions via chip-based payment cards, PoS terminals, and ATMs. This standard is maintained by EMVCo, a public corporation currently owned by MasterCard, Visa, American Express, and JCB. Contactless EMV cards have been developed with offline capabilities, which means the card does not require online authorisation for the merchant to be guaranteed funds.

The card has the capability of authorising small amounts offline. Transit authorities would benefit from this capability for authenticating their user in a fast and secure way. Nevertheless the reader certification cost and the business model is still challenged when using those mechanisms. Pilots have been run in many cities or countries like Philadelphia, London or South Africa and revenue inspection.

MIFARE™ MIFARE CLASSIC DESFire™

COMMANDS FOR INTERCHANGE

APPLICATION

TECHNOLOGIES OVERVIEW AND STANDARD COMPLIANCE

ISO 7816-4

ISO 14443-4 A TRANSMISSION

FeliCa™

ISO 14443-3 A

ISO 14443-4 A/B

DEP ISO 18092

ISO 14443-3 A/B Transmission FeliCa “C” ISO 18092 (A+B, FeliCa)

ISO 14443-2 A

ISO 14443-2 A/B

TRANSPORT CARDS ON MOBILE PHONES Contactless ticketing systems have reached a substantial global coverage over the last two decades. Main application fields are automated fare collection in public transport as well as secure access management. However, overall there are more than 40 different contactless applications that this open technology platform can address. While contactless cards and tokens represent the majority of today’s media in the field, Near Field Communication (NFC) enabled mobile devices are currently undergoing a fast adoption and are becoming omnipresent. This leads to the conclusion that joining both technologies creates a huge benefit for the industry such as:

• being able to travel using the phone as a paper ticket

• buying tickets directly OTA without having to go to a ticket vending machine • consulting the balance of your electronic wallet, etc… This will take the end user experience to the next level opening new business models for all eco-system players.

MIFARE4MOBILE MIFARE4MOBILE IS A TECHNICAL SPECIFICATION TO MANAGE MIFARE-BASED APPLICATIONS IN MOBILE DEVICES. The specification provides mobile network operators and service providers with a single, interoperable programming interface, easing the use of the contactless MIFARE technology in future mobile Near Field Communication (NFC) devices.

This specification named MIFARE4Mobile V1.01 has never been deployed mainly because it was based on an old GlobalPlatform 2.1 standard while NFC SIM Cards and TSMs were already implementing Global Platform 2.2. In addition, this specification was limited to MIFARE Classic technology.

MIFAREâ&#x201E;˘

MIFARE4MOBILE My

W Tic Zoeek Pakets ss D n Zoay Paes 3 ne s

OTA TOP-UP

TSM

WHY MIFARE4MOBILE? In 2012, the MIFARE4Mobile industry group, consisting of leading technology firms in the contactless market, has taken the responsibility to improve and standardise the management of MIFARE based applications on NFC enabled mobile devices. Therefore, the MIFARE4Mobile V2 specification set is currently developed to make mobile ticketing with MIFARE DESFire, MIFARE DESFire EV1 and MIFARE Classic based infrastructures possible. MIFARE4Mobile V2 ensures interoperability amongst different form factors (embedded secure element, UICC SIM and micro SD) and different vendors.

In conjunction with the new concept of multiple virtual cards and compliance to Global Platform, MIFARE4Mobile V2 brings a maximum of compatibility with existing infrastructure. Global Platform (especially Amendment C) enables MIFARE4Mobile V2 to coexist with other applications such as mobile payment on one and the same mobile device. The main objectives of those specifications are to:

• Enhance the user experience leveraging the user interface provided by the mobile phone. • Take advantage of the connected capabilities of the handset for OTA management

TECHNICAL ASPECTS The emergence of NFC mobile services depends on the ease by which contactless applications can be installed and used in consumer hands. Since MIFARE is the most common contactless card format used in public transport worldwide, it is essential to enable genuine interoperability for the installation and use of MIFARE in NFC mobile phones, for the whole industry to use. Any MIFARE4Mobile compliant device will work seamlessly with any MIFARE infrastructure. The specification covers 3 functional areas:

1. WALLET / USER INTERFACE APIS • Ensure a consistent user experience • Provide full interoperability with other card formats.

• Render card content on the phone screen in a convenient and flexible way.

2. OVER THE AIR / TRUSTED SERVICE MANAGER APIS • Allow OTA providers to access MIFARE resources of any secure element in a consistent way. • Ensure uniform approach to MIFARE application life cycle management.

3. SECURE ELEMENT PLATFORM APIS • Provide common access to the hardware resources of the MIFARE portfolio. In addition to MIFARE4Mobile other initiatives are also starting to promote and enhance the user experience for transport use cases in the mobile environment. As an example: OSPT group has recently published the "CIPURSE™ V2 Mobile Guidelines".

CONCLUSION The transport markets remain fragmented with multiple actors in each and every country. Several technical solutions coexist and will continue to coexist in the coming years. Adding the multiplicity of technical protocol solutions, transport actors are looking for fast, secure, and convenient E2E solutions at an affordable cost.

AFC systems are more and more based on contactless media. The mobile world including mobile devices and SIMs must adapt to those requirements. SIMs should not only provide SWP/NFC technology and user-friendly applications, but should also remain multi technology in order to keep a high level of security with the appropriate certification level. Those new requirements must also take into consideration the speed of a contactless validation.

“NFC NOW” SOLUTION BY OBERTHUR TECHNOLOGIES

18 Major transport technologies are embedded in dragonFly (Oberthur Technologies’ NFC SIM family) enabling the rollout of Transport NFC use cases. DragonFly meets the need for fast transactions with its integrated NFC Turbo Engine, a hardware accelerator associated with software optimisation. This dramatically reduces the time a transaction takes to run. Transport access validation or transport ticketing transactions are granted faster than with any other SIM card.

DragonFly is also the most secure NFC SIM, with the integration of the best in class certifications including EAL4+ with its anti-virus, Virtual Defending Machine, built in the SIM. The SIM is therefore able to defend itself by isolating the virus or the malware, preventing the corrupted application from interacting with any other application containing sensitive data stored within the SIM. Hence, dragonFly products meet transport institution needs for confidentiality of contactless mobile applications and associated user data with great performances. In addition, Oberthur Technologies also provides TSM which allows secure remote updates and post-issuance personalisation for any kind of application.

ACRONYMS AES Advanced Encryption System AFC Automatic Fare Collection API Applications Interfaces ATM Automatic Teller Machine CNA Calypso Networks Association CRTM Consorcio Regional de Transportes de Madrid (Spain) DES Data Encryption Standard DESX Variant of DES DFA Differential Fault Analysis DPA Differential Power Analysis EMV Europay, MasterCard and Visa E2E End-to-End ISO International Organization for Standardisation ITS Intelligent Transportation System JCB Japan Credit Bureau LTA Land Transport Authority (Singapore) NFC Near Field Communication OSPT Open Standard for Public Transportation OTA Over-The-Air RATP RĂŠgie Autonome des Transports Parisiens (France) RFID Radio Frequency Identification ROM Read Only Memory SIM Subscriber Identity Module SMS Short Message Service STIF Syndicat des Transports d'Ile-de-France (France) SWP Single Wire Protocol TDES Triple DES TFL Transport For London 3DES Triple DES TSM Trusted Service Manager UICC Universal Integrated Circuit Card

in the Smart Transactions, Mobile Financial Services, Machine-to-Machine, Digital Identity and Transport & Access Control fields. OT employs over 6 000 employees worldwide, including 600 R&D people. With more than 50 sales offices across 5 continents and 10 facilities, OTâ&#x20AC;&#x2122;s international network serves clients in 140 countries.

DISCLAIMER 20 All trademarks and service marks referred to herein, whether registered or not in speciďŹ c countries, are the property of their respective owners. Oberthur Technologies White Paper

is an independent publication and has not been authorised, sponsored, or otherwise approved by the owners of any trademarks or service marks referred to herein.

AUTHOR Document written by Telecom Business Unit Marketing.

NFC SIM CARDS WHITE PAPER

TABLE OF CONTENTS 03 EXECUTIVE SUMMARY 03 INTRODUCTION 04 ARCHITECTURE 06 APPLICATIONS 08 11 13

• SECURITY • SPEED • CONVENIENCE AND AVAILABILITY OF VALUE-ADDED APPLICATIONS

15 CONCLUSION 15 ACRONYMS 16 ABOUT OBERTHUR TECHNOLOGIES 16 DISCLAIMER 16 AUTHOR TABLE OF FIGURES: 04 06 06 07 07 08 09

FIGURE 1 – NFC ARCHITECTURE FIGURE 2 – NFC APPLICATIONS FIGURE 3 – PAYMENT USE CASE FIGURE 4 – TRANSPORT USE CASE FIGURE 5 – ACCESS CONTROL USE CASE FIGURE 6 – ACCESS CONTROL USE CASE FIGURE 7 – CERTIFICATIONS BODIES

FIGURE 8 – CONTROLLING AUTHORITY AND VALIDATION AUTHORITY

10 11 12 14

FIGURE 9 – VIRTUAL DEFENDING MACHINE FIGURE 10 – RUSH HOUR AT THE TRANSPORT GATE FIGURE 11 – NFC APPLICATIONS DOWNLOADED OTA FIGURE 12 – MIFARE

EXECUTIVE SUMMARY Near Field Communication (NFC) is a radio interface that allows an exchange of information in a limited range, a few centimetres, between two elements. This technology opens new opportunities to Mobile Network Operators (mobile operators). Thanks to antennas embedded in mobile devices, the Universal Integrated Circuit Card (UICC) is the central point that handles the security in the exchange of information through this NFC channel, and more generally with associated servers and through a human interface. These Secure Elements (SE) can host all applications that were previously hosted in plastic cards. Therefore, mobile operators can have access to a new business model. Thanks to NFC technology, banking applications, transport applications or couponing applications can now securely be stored into the UICC and used by the end user through his mobile phone interface. Those applications can also interact with the end user through a human interface (i.e.: the screen) or with servers. This is a great added value compared to plastic cards but this leads to new threats and new issues as well.

For mobile operators to enter the value chain the most efficient way possible, they need to ensure the highest security to their partners (banks, transport operators) and their customers. This can be guaranteed thanks to different certifications that are the Common Criteria Evaluation Assurance Level (CC EAL) 4+ or advanced antivirus into the Operating System (OS) of the UICC. However, this is not enough; the Secure Element which is the UICC needs also to be very reactive and very quick. Smart phone users are not patient at all and the service activation needs to be fast and efficient. Not only the service activation needs to be fast but also the speed of the transaction is crucial. With a transport application for example, a slow transaction could block the end user during rush hour in front of a metro station gate waiting for the gate to open after he swiped his phone in front of an NFC reader. A few 100ms could indeed make the difference in this case: speed is crucial.

VISA and MasterCard applications in the UICC are a must, but again, this is not enough for an end user to use the NFC capability of his mobile phone. Many more applications need to be available and used convenient. For mobile operators to succeed in NFC deployment, the following key UICCâ&#x20AC;&#x2122;s parameters are crucial: security, speed and convenience. They will reinforce trust in mobile operators with a future proof product that pleases the end user.

INTRODUCTION You may have heard about this barbarian technological acronym that is NFC. This stands for Near Field Communication, a radio technology that enables two devices to exchange information within a short range, a few centimetres. NFC antennas are now being embedded into smartphones enabling exchange of information between those phones and some tags or readers.

Because most NFC applications require security, key assets must be stored within a tamperproof area called the Secure Element (SE) which can be a chip soldered into the phone, a SD or a SIM card. When the SIM card is used as the Secure Element, any third party willing to deploy its application such as a credit card issuer or a transport operator will agree with the mobile operator in order to install his credentials into the SIM card.

In this paper we are going to discuss about the key characteristics an UICC requires to make the NFC deployment a success for mobile operators.

ARCHITECTURE

APPLICATION PROCESSOR SERVER

SIM-CENTRIC SOLUTION

SECURED ELEMENT SWP INTERFACE NFC Component

NFC FRONT-END

Figure 1 –NFC architecture

In order to run NFC, a certain number of components need to be present:

THE NFC ANTENNA The antenna is a short range distance induction technology, with ranges around 10 cm. This was designed as a short range so the end user has to put the antenna close to the device he wants to interact with, in order to guarantee that interactions and transactions do not happen without the user’s consent. The RF Carrier is at 13,56 KHz with a Half duplex protocol. The huge majority of handset manufacturers now ship devices with built-in NFC support. This includes Samsung, LG, RIM – Blackberry, Nokia, HTC, Acer, Alcatel, Fujitsu, Google, Huawei, Motorola, Sony, ZTE, etc.

THE SWP INTERFACE The Single Wire Protocol (SWP) is the standard for a single-wire connection between the SIM card and a near field communication (NFC) chip in a Mobile Device. This enables the Secure Element which is the UICC to exchange information with an NFC component in the Mobile Device and to transmit and receive through the NFC antenna.

THE SECURE ELEMENT AND ITS SECURE APPLICATIONS In the SIM centric model that we are studying in this paper, the Secure Element is the UICC. It allows storing keys, payment, transport, couponing, access control applications or any other type of applications. The Secure Elements also ensure a secure communication between the actual mobile device and an external device, for example a reader through the NFC channel.

THE APPLICATIONS (OR MIDLETS) The secure element that is the UICC can interact with an application in the mobile device. This application is sometimes referred to as a midlet, developed on different operating systems depending on the type of handset used (Android, Blackberry). The midlet allows managing user's interface via the keyboard and the screen, and some communications Over-The-Air (OTA) with servers. It often includes a mobile wallet, federating the various applications present on the Secure Element (several credit cards, transport passes, access control cards, etc.).

THE TRUSTED SERVICE MANAGER (TSM) A server can interact with applications in the UICC. This server that is able to securely manage those applications is called the Trusted Service Manager (TSM). The TSM can install, manage, update, and remove applications on the SIM card. Usually, we distinguish the TSM-MNO that manages the responsibilities of the mobile operator (managing the content of the card in a secure way) and the TSM-SP that manages the applications belonging to a service provider (bank, credit card company, transport operator) on the card. The TSM-MNO and TSM-SP communicate with each other in a standard way.

THREE DIFFERENT WAYS OF USING NFC There are three different modes of interactions in NFC.

1. The first one is the Card Emulation Mode. In this mode, the SIM card emulates one or more standalone cards such as payment cards for example. This mode is possible only while interacting with a Secure Element within the mobile device. Is cannot be used by an application in the mobile device that does not go through a Secure Element. Because the SIM card emulates a standard contactless plastic card, it can immediately work with already existing infrastructures.

2. The second one is the Reader mode. In this mode, the mobile device emulates an NFC reader. This can be used for example to read a poster tag or a loyalty card.

3. The third one is the Peer-toPeer mode. In this mode there is a bidirectional communication between two peers or two devices. Peers can switch between both modes during one given transaction, and multiple communication channels can be opened during one transaction. In this paper we are going to focus on the Card Emulation mode

APPLICATIONS

COUPONING

TRANSPORT/TRANSIT

PAYMENT

EVENT TICKETING

OTHER MARKETS TO BE EXPLORED

Access card

CORPORATE ACCESS

Figure 2 – NFC applications Different applications and business models are relevant in NFC.

Figure 3 – Payment use case

PAYMENT APPLICATIONS Payment applications are the most common use case for NFC services on SIM cards. Many plastic credit or debit cards like Visa, MasterCard or American Express already embed a contactless functionality. Now that mobile phones have this NFC capability as well, it sounds obvious to support this application in the SIM card.

This allows storing banking applications on the same platform as the telecom application. For end users, this means having a banking card embedded in a SIM card. Market research has shown a great consumer appetite for using a mobile phone to store credit cards and being able to pay by tapping the handset.

TRANSPORT AND MASS TRANSIT

ACCESS CONTROL

You may be aware, that many commuters carry plastic transport cards with them. Those transport plastic cards can now be put as an application in the UICC, so the end user can use his mobile phone to pass the transport gate. The SE, where the transport application is stored, is always connected, which allows the purchase or the consultation of the remaining number of tickets on the screen, which of course is not possible with a plastic card…

Access control is another use case where the associated application can be stored securely in a SIM card. Not only can corporate badges be stored in the SIM, but also hotel keys. There is a wide variety of applications that can be used in this specific case. Depending on the level of security required, some certifications may be necessary. Here again, as the NFC phone emulates existing cards, this type of application can be deployed easily without needing to upgrade the existing infrastructure.

However, the transaction when passing the transport gate needs to be fast, especially at rush hour when there is a long line of people waiting. In this transport case, the speed of the transaction is a key issue. Research has shown that too long transaction times (if the tap is not fast enough) lead to users bumping into the turnstile and other very bad user experiences.

EVENT/TICKETING COUPONING AND MANY OTHER USES

Figure 4 – Transport use case

As several applications can be stored within the UICC, most users will include loyalty and couponing at their favourite retail stores, ticketing to enter a stadium for example or many other use cases that still need to be defined. To be able to cope with those use cases, the UICC needs to be convenient and offers a wide range of applications.

Figure 5 – Access Control use case

SECURITY MNO UICC

SP1

SP2

8 Security is a key issue for NFC. Who could imagine storing credit card credentials, transport passes, corporate badges or hotel keys in an unsecure device? In order for mobile operators to be able to rent a space on their SIM cards to banks for example, they need to be able to ensure banking regulation authorities and end users that there Secure Element is secure. There are different ways to guarantee this security, certifications by third parties is one way, but many hidden features within the SIM card also help ensure its integrity.

Figure 6 â&#x20AC;&#x201C; Access Control use case

WHY SECURITY DOMAINS ARE IMPORTANT When a mobile operator provides a partner, such as a credit card issuer or a transport operator, with an application that can be loaded onto its SIM card, he must guarantee that no one (even the operator himself) will be able to access their secret data. To do so, a trusted third party is required in order to allow the separation of the different zones. A zone managed by a service provider is called a security domain. Letâ&#x20AC;&#x2122;s compare the UICC with a building owned by the mobile operator. It can rent an apartment to someone. An independent locksmith (similar to the trusted third party in NFC) will be called to change the lock and give the key only

to the tenant, who can trust that he will really be home in his new apartment (similar to the security domain in NFC). In those security domains, the service provider can download and manage securely his own applications without the mobile operator controlling those updates and downloads. Thatâ&#x20AC;&#x2122;s the reason why service providers need to be sure that the building and their security domains are actually safe and functional. The mobile operators need to be sure as well that what the service providers do in their security domain will not endanger the rest of their UICC. This is the purpose of the certifications.

CERTIFICATION BODIES PC ANALOGY

NXP

VISA

MASTER CARD

REGULATOR

SIM CARD WORLD

APPLICATIONS

O.S

CHIP SUPPLIER

Figure 7 – Certifications bodies

CERTIFICATIONS Certification of a secure element by third parties ensures the integrity of the UICC. There are different layers that need to be certified in the UICC : • The chip (analogy with a PC would be an Intel processor). • The Operating System (OS) (analogy with a PC would be the Windows). • The application running on top of it (Microsoft Word or Excel would be the analogy with the PC world). What is certified is actually the combination of Chip, OS and application. There are different certification bodies depending on the actual application whether it is a banking application (Visa, MasterCard, Amex), a transport application (MIFARE DESFireTM), or another type of application.

In some countries, regulators impose the CC EAL4+ certification and this is probably the best certification to ensure the integrity of the UICC. The Common Criteria Evaluation is an international standard used in IT to assess the security level of products and services. It is important to check what is actually being evaluated by looking at three elements: • The Protection Profile identifies the security requirements for a specific range of security devices. It will be different for a network router and for a SIM card: the PPUSIM is the Protection Profile for SIM card and payment related applications. • The Security Target specifies the security evaluation criteria that can be used to assess the security properties of a product or service. It defines what part of the system has been evaluated. To refer to our comparison, what has been tested as being secure: only the doors, only the windows, or the whole building?

• The Evaluation Assurance Level is a package of security requirements that must be met by the product or seven service levels of security: EAL1 to EAL 7. EAL4+ certification is the level required for payment services and governmental identity documents. For a Secure Element to be certified EAL4+ the IC chip must be at least EAL4+. Another certification body is the EMVCo (Europay, MasterCard and Visa). EMVCo is a private entity owned by major credit card networks who manages the global standard for credit and debit payment cards based on chip card technology.

CONTROLLING AUTHORITY (CA)

YES YOUR SD IS SECURE

Warranty the integrity of a Security Domain (SD) into the Secure Element (SE)

VALIDATION AUTHORITY (VA)

YES THIS APPLET WIL NOT ENDANGER YOUR SD

Warranty that an application loaded does not endanger SE

Figure 8 –Controlling Authority and Validation Authority

DESIGN STAGE

VALIDATION STAGE

APPLICATION LOADING

VALIDATION AUTHORITY (VA)

SECURITY GUIDE

GENERAL MODEL

ONE/TWO MONTHS

STATIC VERIFIER

VALIDATION AUTHORITY (VA)

VIRTUAL DEFENDING MACHINE DEFENDING MACHINE

10 EMVCo's primary role is to manage, maintain and enhance the EMV Integrated Circuit Card Specifications with the objective of ensuring interoperability and acceptance of payment system integrated circuit cards on a worldwide basis. This certification is required before launching other certifications like Visa or Japan Credit Bureau (JCB). Credit card networks mandate that payment applications are certified in order to be used on an NFC SIM card. In the same way, MIFARE DESFireTM should undergo certifications to be used with transport applications. Some of those application issuers can also request the system to be certified EMVCo or CC EAL4+ for example. CC EAL4+ certifies that the UICC and associated Security Domains are fully secure. In order to ensure the integrity of a Security Domain and that only the service provider has the keys, EAL4+ certification introduces the Controlling Authority (CA) as this trusted third party.

Figure 9 – Virtual Defending Machine

In order to ensure that an application downloaded onto a card is safe, and that it will not damage the rest of the content of the card, the EAL4+ certification introduces a third party known as the Validation Authority (VA).

ENSURING THAT MALICIOUS APPLETS DO NOT ENDANGER THE REST OF THE CARD One of the security risks that needs to be discussed is if a malicious applet manages to be loaded onto the card and then starts interacting with other applets or with the operating system to create unexpected behaviour and fraud, just like a virus can run on a computer. One way to avoid this kind of attack is if the SIM card provider provides a security guide explaining how the applet should be developed to ensure maximum security. Therefore, before an applet is loaded onto the card, it has to be evaluated by the validation authority who will check that it complies with the security guide and that it will not interfere with the rest of the card.

THE DRAGONFLY PLUS: A BUILT IN ANTIVIRUS On dragonFly series of SIM cards, an antivirus runs directly on the card. Even if a malicious applet was loaded, it would prevent if from running. This antivirus, technically known as a Defending Virtual Machine, allows to download some applications, with no development guide or recommendations, without the need for the validation authority to request some extra laboratory tests. The dragonFly built-in antivirus allows deploying applications with a faster time to market by not having to redevelop applications that follow a development guide and to pass some lab tests to keep a CC EAL4+ certification.

SPEED

Figure 10 â&#x20AC;&#x201C; Rush hour at the transport gate

Nowadays, end users are not patient at all. A service should work instantaneously and offer great customer experience. If not, end users will not use it. Reading a notice and taking time are not the qualities one can expect from a smartphone user. So it is crucial for the UICC with NFC services to be quick and efficient. In transport and mass transit applications, the execution time of the card software is crucial. As commuters walk through the gate while they tap their pass on the contactless reader, the transaction time should be extremely fast orâ&#x20AC;Ś the door will not open and commuter will hit the gate. This is not the kind of user experience transport operators want to advertise.

THE DRAGONFLY PLUS: THE NFC TURBO ENGINE Some dragonFly series SIM cards are equipped with an NFC Turbo engine. Some performance sensitive applications such as MIFARE DESFireTM require to perform some complex calculations and require state of the art cryptographic methods including AES 128. With the NFC Turbo engine, AES 128 long calculations are run on hardware based Advanced Encryption Standard (AES) in order to be more efficient. This is just one of the many internal optimisations of the NFC Turbo Engine that allows dragonFly series SIM cards to be among the fastest on the market.

SERVICE PROVIDER DEPLOY SERVICES: • DEPLOY CONTACTLESS APP TO SE • LOAD MOBILE APP TO MOBILE PHONE

MANAGER SERVICES: • LOCK/UNLOCK, UPDATE, RENEW...

INPUT FILE + PHONE NUMBER

PARTNERS (SE ISSUERS) SP TSM

MNO

12 PERSONALISATION CENTERS

OEM

OTA

Figure 11 – NFC applications downloaded OTA

NFC cards need to run fast transactions but also need to be quick when a new service is downloaded, installed and activated over-the-air (OTA). Older systems would use the SMS bearer to download applications, would last for several minutes and lead to errors during the transfer.

THE DRAGONFLY PLUS: FAST OTA THANKS TO CAT-TP AND AMENDMENT B This download time can be dramatically reduced and secured thanks to two optimised end-to-end protocols: OTA over HTTPs – the same used in the internet world – or CAT-TP. In addition these protocols are considerably more reliable and ensure a high quality of success.

CONVENIENCE AND AVAILABILITY OF VALUE-ADDED APPLICATIONS Security and speed are absolutely necessary for a NFC UICC but this is not enough. In order for the mobile operator to maximize the usage of his card with his service provider partners, he should be able to offer a large catalogue of value-added applications. Beyond the service providers, in order for the applications to be adopted by the end user, usage needs to be smooth and convenient. MIFARETM Classic and DESFireTM are some of the best known value applications sitting in an NFC card beyond payment. They are widely used for transport or mass transit, for access control, for ticketing, etc.

But in order to provide a really enhanced customer experience compared to a plastic card, an NFC handset needs to offer additional features such as the ability for the user to browse through his virtual card â&#x20AC;&#x201C; check how many tickets are available, check when his pass expires â&#x20AC;&#x201C; or the ability to top-up their card with additional tickets or passes purchased on the go thanks to the cellular connection. A simple use case would be a user arriving in a new city and using his/her NFC handset to instantly download the local metro application, buy tickets and use them to pass the gates. Some of these features already exist on some cards but are implemented in a proprietary manner, preventing interoperability with the midlets on the cards (such as a mobile wallet) and with the TSM servers. With such proprietary solutions, the uses cases above are not possible.

MIFARE4MobileTM OTA MIFARE MANAGEMENT

14 THE DRAGONFLY PLUS: MIFARE4MOBILE™ V2 MIFARE4Mobile v2 is an industry standardised solution that allows interoperability between the wallet interface and the TSM interface for MIFARE ranges of cards. It extends the MIFARE4Mobile v1 proprietary solutions. Some dragonFly series SIM cards MIFARE4Mobile v2 allows for limitless deployment of MIFARE applications, a clear way to enhance end user experience and thus promote the NFC usage.

END USER INTERFACE

Figure 12 – MIFARE

The NFC UICC should be compatible with actual and future network evolutions but also with all types of devices.

THE DRAGONFLY PLUS: COMPATIBLE WITH DIFFERENT FORM FACTORS AND NETWORKS dragonFly series SIM cards can be declined in several form factors including 2FF, 3FF and 4FF. dragonFly series SIM cards have also the capability to run over several networks, including 2G, 3G and LTE networks (sometimes referred to as 4G).

NETWORK INDEPENDENT DEVICES

TESTED AND INTEGRATED APPLICATIONS

One of the key added values of the UICC is the portability from one device to another and from one network to another. We now see that networks are evolving and migration to Long Term Evolution (LTE) - also known as 4G - is a reality. The NFC SIM card needs to be future proof and cope with the evolution of mobile operators’ networks. With LTE migration, some operators are also migrating to OTA over HTTPs protocol.

Again for the end user, an application downloaded onto the UICC needs to work immediately, with no errors. If errors occur, customer experience will deteriorate and the service will not be used. It is important for the UICC to be tested, certified with as many applications as possible in a real environment.

THE DRAGONFLY PLUS: TESTED WITH A COMPREHENSIVE APPLICATION PORTFOLIO There are many applications available from various suppliers on the market and many more to come. Some examples are for identification: HID, Legic, Oberthur Technologies, for transport: MIFARE™ Classic, MIFARE DESFire™, Calypso™ or CIPURSE™, for payment MasterCard, Visa, American Express, for loyalty and couponing: FidBook or Loyalty Avenue, etc. dragonFly series SIM cards have been integrated and tested with a wide array of applications and have received the formal approval from the application supplier when available. This is the best guarantee that it can be deployed hassle free and used by end users.

CONCLUSION For a successful NFC UICC deployment, the SIM cards needs to be fast, secure, convenient and offer a wide range of applications as we saw in this paper. With this type of UICC, Mobile operators and Service providers have a future proof product that pleases the end user and reinforces trust in the Mobile operators.

ACRONYMS 15 3GPP CA EMVCO ENODE B EPC GGSN GSM IMS IP ISIM JCB LTE MME MSC NFC NODE B OS PCRF PGW RCS SGSN SGW SIM SIP SWP TSM UMTS UICC USIM VA

3rd Generation Partnership Project Controlling Authority Europay, MasterCard and Visa evolved Node B evolved Packet Core Gateway General Packet Radio Service Global System for Mobile Communications IP Multimedia Subsystem Internet Protocol IMS Subscriber Identity Module Japan Credit Bureau Long Term Evolution Mobility Management Entity Mobile Switching Center Near Field Communication Term used in UMTS to denote the base transceiver station Operating System Policy and Charging Rules Function Packet Data Network Gateway Rich Communication Services Serving General Packet Radio Service Serving Gateway Subscriber Identity Module Session Initiation Protocol Single Wire Protocol Trusted Service Manager Universal Mobile Telecommunications System Universal Integrated Circuit Card Universal Subscriber Identity Module Validation Authority

DISCLAIMER 16 All trademarks and service marks referred to herein, whether registered or not in speciﬁc countries, are the property of their respective owners. Oberthur Technologies NFC SIM cards White Paper is an independent

publication and has not been authorised, sponsored, or otherwise approved by the owners of any trademarks or service marks referred to herein.

AUTHOR Document written by Telecom Business Unit Marketing, including Stéphane Jacquelin.