The integration of contactless secure applications with wearable devices is a very significant new business opportunity for hardware and service providers'. Pedro Martínez, MobileKnowledge CEO, at Dallas NFC Forum.
The integration of NFC secure applications on mobile phones devices –such as payments, transit or access- is still far from pervasively reaching the hundreds of millions of people using contactless cards for the same applications. At the heart of the problem, we can identify two main causes: on the one hand, the commercial friction between the “owner” of the secure element in the mobile phone (the phone manufacturer or the Mobile Network Operator) and the service provider (eg; the bank or the Public Transport Operator). On the other hand, the complex and expensive systems integration process between the Service Provider and the SE owner, and the operating cost of managing the OTA provisioning of the related secure applications. Naturally, and in order to reach most of their customer base, the Service Providers would need to integrate with many, if not all, of the mobile phone providers, adding to the complexity and the cost.
Considering the wearable device, in its simplest form, as a “secure container” for contactless applications, but still connected to the cloud using the user’s smart phone as a bridge, we start breaking some of those barriers. The minimum HW architecture needed for this would consist of a secure element –tamper resistant, banking security grade- and an NFC controller, a BLE device, a simple microcontroller, a battery and an antenna. Thanks to the BLE connection to the smart phone (all smart phones have it), we will be able to enjoy the same power, security and flexibility as we would have within the smart phone itself: dynamic OTA provisioning and management of secure applications, according to the well-defined GlobalPlatform rules. Now, first advantage, no more dependencies from the mobile phone SE owner (be it the phone manufacturer or the MNO), the wearable device would work with any smart phone providing a BLE connection. One could say though, that service providers would move into the hands of wearable manufacturers now. But, interestingly, wearable manufacturers are more interested at this stage in adding value to their devices by allowing them to act as payment cards, transport tickets, or access cards than getting a revenue out of the renting of their secure device or from getting a share of the transaction value itself. So, we could imagine the first barrier -the commercial friction between the service provider and the “secure element owner”- would be gone. In addition, service providers could decide on their own to promote their own wearable device: imagine for example a local bank who would issue a wearable for “local city services combining their payment cards but also transit tickets, parking tickets or any other citizen related services in connection to other fellow local service providers.
But what about the integration and operation costs for the service provider? Well, as per today’s mobile phone environment, the so-called Service Provider TSM (SP-TSM) is certainly required: this requests some investment from the service provider in order to be able to manage their application in the mobile space. On the other side of the coin, the so-called Secure Element Issuer TSM (SEI-TSM), required at the Secure Element owner’s side to manage access to their SE and connect to the different SP-TSM platforms. Here’s a problem: only powerful and big wearable providers would typically be able to invest in such platforms, and eventually, this as a cost would hit either their bottom line, or impact their competitiveness on their retail prices. Or, even worse, it would open the door for them to think about getting revenues from the secure services they onboard, and we would be back to the commercial friction we’ve described before.
How could we devise a simpler, cheaper but still banking-grade secure access to the Secure Element for Service Providers? Can we dream about a secure element which can be accessible just as any other feature of your wearable –or phone- device? NXP Semiconductors have developed a paradigm-shift solution for this: the Open SE concept, revolving around a feature of their Secure Element + NFC controller chip (PN66T family), the so-called “Loader Service” feature. In a simple way, this feature allows the owner of the Secure Element device –the wearable manufacturer- to give access to it to any Service Provider by issuing a simple digital certificate for each of them. This digital certificate will allow the service provider to create a Secure Domain within the space of the Secure Element, or to put it differently, to open their own “secure box” within the “vault” of the secure element, and to subsequently download their own application OTA in an encrypted form so that it gets stored securely in their secure domain.
No need for an SEI-TSM investment anymore, no need for a complex and expensive integration process for the Service Provider!
The beauty of this is that this operation, for the service provider, is driven by a simple encrypted script which can be stored in the cloud. At the time the end customer would require the service to be downloaded on their device, they would get it immediately, without the need for TSM servers to be active 24/7 (case of the traditional SEI-TSM approach). And even better for the Service Provider, their unique script would be valid for any wearable in the field the customer would have chosen, just by adding the corresponding string of digital certificates.
Of course, for this to become a widely deployed option, this “Loader Service” feature should not be one-semiconductors-vendor-only. The good news here is that NXP Semiconductors has open it, and that GlobalPlatform Standards Committee has confirmed their commitment to transform it into a standard feature, now called SEMS (Secure Element Management System)
With this, I believe we are at an important turn in making a reality of the first vision-promise of NFC: your mobile phone as your virtual wallet. Now it would be “Your connected wearable as your virtual wallet”, meaning your real wallet, with your individual cards, banking, tickets, but also your sports club, or your office … Any service providers, irrespective of their size and reach, would now be in a position to offer their “virtual” cards as simply as having them as downloads in their web sites for example.
A fantastic opportunity for traditional “wearable” suppliers to add value to their products (consider traditional jewelry market for example), and for thousands of service providers to offer their services in the most convenient mobile form their customers are demanding.
Related topics
The easiest way to develop, provision, and manage any kind of secure NFC wearable. Watch the video about NXP’s Secure NFC Wearable technology, and the Secure Services Development Platform Kit.