Post on 10-May-2015
description
Host Card Emulation (HCE)
NFC
NFC APPS
Card Emulation with a Secure Element
Host-based Card Emulation
• Host Card What?
• Host Card Why?
• Implementing an HCE Service
• Host Card Security
Host Card What?
• Where data is routed ?
• Support for many different protocols
• Android NFC devices functioning as readers ( IsoDep class).
• HCE services
Host Card Why?
• No more complex SE cards.
• Multiple NFC payment wallets can be on the phone
• No worrying about SE storage size.
• No need to pay the Carrier for Over-the-air SE provisioning and lifecycle management.
• Enabling any wallet to use it to communicate to a PoS
Implementing an HCE Service
Implementing an HCE Service
• Service selection
• AID groups and categories
• Service implementation
• Service manifest declaration and AID registration
Service Selection
Service selection
• ISO/IEC 7816-4 specification
• Application ID (AID).
• Length between 5 and 16 bytes
• AID well-known and publicly registered
• What if you want to deploy new reader infrastructure for your own application ?
AID Groups
• AID group is a list of AIDs that should be considered as belonging together by the OS
• HCE service may need to register multiple AIDs to implement a certain application
• Android guarantees one of the followingo All AIDs in the group are routed to this HCE
serviceo No AIDs in the group are routed to this HCE
service
AID groups and categories
• Each AID group can be associated with a category
• avoid mentioning AIDs in any user-facing parts of your application.
• Android 4.4 supports two categories: o CATEGORY_PAYMENT o CATEGORY_OTHER
Checking for HCE support
• Your application can check whether a device supports HCE by checking for the FEATURE_NFC_HOST_CARD_EMULATION feature.
Service implementation
• The first step is therefore to extend HostApduService.
• HostApduService declares two abstract methods that need to be overridden and implemented
Service implementation (2)
• processCommandApdu() is called whenever a NFC reader sends an Application Protocol Data Unit (APDU) to your service
• "SELECT AID" APDU.
• processCommandApdu() run on the main thread.
• When Android will stop forwarding new APDUs from the reader to your service ?o The NFC reader sends another "SELECT AID" APDU, which the
OS resolves to a different serviceo The NFC link between the NFC reader and your device is broke.
• In both of these cases,onDeactivated() implementation is called
Android Protocol Data Unit (APDU)
• APDUs are the application-level packets being exchanged between the NFC reader and your HCE service.
• APDU is a half-duplex.
• Android’s HCE implementation only supports a single logical channel.
Android Protocol Data Unit (APDU) (2)
Manifest declaration and AID registration
Manifest declaration and AID registration (2)
Screen Off and Lock-screen Behavior
AID Conflict Resolution
• The same AID can be registered by more than one service.
• Checking if your service is the default
Secure element AID registration
Secure element AID registration (2)
Coexistence with Secure Element Cards
HCE and Security
• BIND_NFC_SERVICE system permission.
• Android Application Sandbox,
HEADER
Ahmed Fathallah Junior android developer
linkedin.com/in/ahmedfathallah/ahmedfathalla02@gmail.com