Host card emulation

Summary

Host card emulation (HCE) is the software architecture that provides exact virtual representation of various electronic identity (access, transit and banking) cards using only software. Prior to the HCE architecture, near field communication (NFC) transactions were mainly carried out using hardware-based secure elements.[1]

HCE enables mobile applications running on supported operating systems to offer payment card and access card solutions independently of third parties while leveraging cryptographic processes traditionally used by hardware-based secure elements without the need for a physical secure element. This technology enables the merchants to offer payment cards solutions more easily through mobile closed-loop contactless payment solutions, offers real-time distribution of payment cards and allows for an easy deployment scenario that does not require changes to the software inside payment terminals.

History edit

The term "host card emulation" (HCE) was coined in 2012 by Doug Yeager and Ted Fifelski, the founders of SimplyTapp, Inc., to describe the ability to open a communication channel between a contactless payment terminal and a remotely hosted secure element that contains financial payment card data, to pay at the point-of-sale.[2] They implemented this new technology on Android. At that time, RIM had similar functionality, called "virtual target emulation", which was supposed to be available on the BlackBerry Bold 9900 under the BB7 operating system. Prior to HCE, card emulation existed in hardware only: a card could be replicated with a multiple-purpose secure element, housed inside a smartphone.[1]

By including HCE in Android, Google hoped to accelerate adoption of Android payments and to increase adoption of Google Wallet by mobile network operators. At the time, Android's share of the mobile operating system market was 80%.[3] However, even with the inclusion of HCE in Android 4.4, the banks still needed the major card networks to support HCE. Four months later, at Mobile World Congress 2014, Visa and MasterCard announced their intent to support HCE.[4][5] On December 18, 2014, less than ten months after Visa and MasterCard announced their support for HCE, Royal Bank of Canada (RBC) became the first North American financial institution to launch a commercial implementation of mobile payments using the HCE technology.[6]

As a result of widespread adoption of HCE, some companies offer modified implementations that usually focus on providing additional security for the HCE's communication channel. One such implementation is termed HCE+.

Impact edit

The new HCE architecture supports payments, loyalty programs, card access, and transit passes.

Before HCE, adoption of NFC in payment systems was low, due to lack of infrastructure (terminals), due to the high capital cost of deploying secure elements, and due to the need for complex partner relationships.

By supporting HCE in Android 4.4, Google enabled companies to adopt NFC at a relatively low cost.[citation needed]

Implementation edit

Host card emulation enables near field communication (NFC) information transfer between a terminal configured to exchange NFC radio information with an NFC card and a mobile device application configured to act or pretend to emulate the functional responses of an NFC card. HCE requires that the NFC protocol be routed to the main operating system of the mobile device instead of being routed to a local hardware-based secure element (SE) chip configured to respond only as a card, with no other functionality.[7]

Since the release of Android 4.4, Google has implemented HCE within the Android operating system.[1] Google introduced platform support for secure NFC-based transactions through Host Card Emulation (HCE), for payments, loyalty programs, card access, transit passes, and other custom services.[7] With HCE, any app on an Android 4.4 device can emulate an NFC smart card, letting users tap to initiate transactions with an app of their choice. Apps can also use a new Reader Mode so as to act as readers for HCE cards and other NFC-based transactions.

The first known mobile handset to support anything like HCE outside of the Android family was the BlackBerry bold 9900 that was first available in Thailand. released together with BlackBerry 7 OS.[8]

CyanogenMod operating system was the next known mobile device operating system to support HCE [8] through the effort of modifying the NXP NFC stack known as libnfc-nxp, the NFC service manager, and operating system APIs by Doug Yeager. The OS APIs were adapted to include two new tag types that were called ISO_PCDA and ISO_PCDB which are also known terminal or PCD standards. This would imply that you could "read" a tag in the same manner that you could read a terminal.

Microsoft has announced new support for HCE NFC payments in Windows 10. This will allow improved payment integration flows and enable coexistence of HCE with UICC-based secure elements in Windows 10 and Windows 10 Mobile.[9]

Uses edit

HCE is used to allow transactions between mobile devices and other credential acquiring devices. Those devices may include other mobile devices, contactless point-of-sale terminals, transit turnstiles, or a variety of access control touch pads. For example, Android developers can leverage HCE to create specific payment experiences, such as using HCE to enable a mobile application as a transit card.[10]

References edit

  1. ^ a b c "Host-based Card Emulation". developer.android.com. Retrieved March 1, 2015.
  2. ^ "SimplyTapp Proposes Secure Elements in the Cloud". 19 September 2012.
  3. ^ "IDC: Smartphone OS Market Share". www.idc.com. Retrieved 2015-06-02.
  4. ^ "Visa Inc". Retrieved 2 October 2014.
  5. ^ "MasterCard to Use Host Card Emulation (HCE) for NFC-Based Mobile Payments". MasterCard Social Newsroom. Archived from the original on 6 October 2014. Retrieved 2 October 2014.
  6. ^ "RBC First bank in North America with Host Card Emulation". Retrieved 18 December 2014.
  7. ^ a b "Android KitKat". Android Developers. Google. Retrieved 2 February 2014.
  8. ^ a b Clark, Sarah (19 September 2012). "SimplyTapp proposes secure elements in the cloud". NFC World. Retrieved 2 February 2014.
  9. ^ "Windows 10 for mobile gets HCE". nfcworld.com. 25 March 2015. Retrieved 25 March 2015.
  10. ^ "[HOW-TO][CHICAGO] Ventra using SimplyTapp". XDA Developers. 6 April 2014.