Monday, December 15, 2014

ARM®, NFC Technology, and the Single Wire Protocol



At the heart of an ARM Powered® smartphone with NFC technology is the contactless front end or CLF. The CLF is responsible for managing radio-frequency communication at 13.56 MHz.

A mobile phone with NFC technology contains only one CLF.  The CLF is connected to the ARM® processor or application processor via UART, I²C, and in some cases SPI.  These protocols are fairly basic and facilitate straightforward communication between the application processor and CLF via a typical Linux or UNIX-based kernel.  Updating the firmware on the CLF is a typical operation that is performed over the UART serial line.

While a mobile phone with NFC technology contains only one CLF, the phone may contain multiple secure elements. There may be a secure element on the UICC card, on the microSD card, and/or embedded with the CLF on the PCB.  Applets residing on each of the secure elements can serve both similar and different purposes.  The CLF and each secure element on the phone are small, self-contained computers with I/O communication interfaces.  A secure element differs from a normal computer in that it is embedded and has limited resources available for performing computations.
A typical secure element also contains dedicated hardware co-processors for performing common cryptographic operations, because implementing these algorithms in software on the secure element is not always practical given the resource constraints of its components.  At a high level, the applets that reside on the secure element are responsible for the secure storage and transmission of user account data, card data, transaction data, and identity information related to banking and credit card transactions and personal identification.  For these types of use cases, encryption and decryption are common operations, so on most secure elements they are implemented in hardware blocks.

UICC-based SEs, eSEs, and microSD-based SEs all use cryptography to store sensitive user account information.  UICC-based SEs, eSEs, and microSD-based SEs are typically manufactured by different companies.  Consequently, there are multiple types of operating systems that run on secure elements.

When the secure element is packaged with the CLF on the PCB, it is called the embedded secure element (eSE).  For such a configuration, the eSE is connected to the CLF via S2C (NFC-WI).
By design, the inclusion of the embedded SE in the IC package with the CLF means that the provisioning of trusted applets, such as those used for mobile payments, can occur via a communications channel external to that of the carrier-controlled baseband processor.  Updates and network communication with a UICC-based SE occur via the baseband processor.  In contrast, an eSE is not typically provisioned by the MNO when the phone is purchased.  Communication with an eSE can occur via the CLF through the application processor if the user has the proper access keys.  The S2C or NFC-WI interface was initially proposed by Philips and subsequently standardized by ECMA.  It consists of two lines, SigIn and SigOut, implemented as two physical wires between the CLF and the embedded secure element, and allows for full-duplex communication between the two.  A common eSE is the NXP SmartMX.

In contrast, the UICC on a mobile phone has traditionally been used by the mobile network operators (MNOs) for carrier-specific purposes such as network subscriber information.  Mobile phones with NFC technology and a UICC also utilize the secure element on the UICC for mobile payment applications.  The MNOs have largely been involved in the effort to utilize the secure element on the UICC for storing bank and credit card user account information.  The UICC-based SE manufacturer is most likely some entity other than NXP.  The applets that reside on the UICC-based SE are inherently the domain of the mobile network operators.  Applets running on the UICC are used for multiple purposes, including carrier network and subscriber information and NFC mobile payments.  Applications responsible for storing bank and credit card account information are provisioned by trusted external entities associated with the MNOs.  Currently, the UICC-based SE is provisioned by a trusted MNO entity prior to purchase.  Because the application processor is connected to the baseband processor, carrier network activities such as call initiation and SMS receipt can be communicated to and from applets running on the UICC via the radio interface software layer running on the application processor's operating system.  This exchange occurs in the form of APDUs.  APDUs are also exchanged between a contactless point of sale terminal and an applet running on the UICC-based SE or eSE during an NFC payment activity.

Since the inception of NFC hardware on ARM Powered® smartphones, NFC mobile payment applets have been added to the secure element on the UICC.  The UICC is physically connected to the phone's baseband processor.  For a phone with NFC technology, the UICC is also connected to the CLF via the single wire protocol (SWP): a single physical wire runs between the CLF and one of the contact pins on the UICC.  SWP is intended for use when the UICC-based SE houses trusted applets that are responsible for mobile payment applications along with the storage of user bank account and credit card information.  SWP allows for full-duplex communication over a single physical wire between the CLF and UICC.  ETSI TS 102 613 defines the physical and data layers of SWP.  SWP was established by Gemplus (now Gemalto).

In the United States, the ISIS initiative (now called Softcard), a joint venture between T-Mobile, Verizon, and AT&T, utilizes the secure element on the UICC card for hosting mobile payment applications and storing sensitive user account information.  If you purchase an Android phone with NFC technology, you will notice that there is an ISIS app installed to the phone.  The phone most likely contains a UICC-based secure element that is connected to the internal CLF via the SWP.
The mobile phone may contain an NXP PN65N, which is pin-to-pin compatible with the PN544, or it may contain a PN544 CLF; in either case, the SWP line is wired to the UICC SWP contact pin via a single physical wire.  When an embedded secure element is connected to the CLF via S2C (NFC-WI) and the CLF is also connected to the UICC-based SE over the single wire protocol (SWP), applications (applets) can be selected by ID from either secure element.
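The APDU exchange and select-by-ID step described above can be made concrete with the ISO/IEC 7816-4 SELECT command. The following is an added example, not code from the original post: the AIDs and the routing table are constructed, and `route()` is a simplified model of the CLF forwarding a reader's SELECT to the secure element that hosts the applet, not the behaviour of any particular CLF firmware.

```python
# Added example: ISO/IEC 7816-4 SELECT-by-AID encoding, validation and a
# simplified routing model. AIDs and ROUTES are constructed for illustration.

SW_MEANING = {
    0x9000: "success",
    0x6A82: "application not found",
    0x6700: "wrong length",
}

def build_select(aid: bytes) -> bytes:
    """Encode a short SELECT by name: CLA INS P1 P2 Lc AID Le."""
    if not 5 <= len(aid) <= 16:            # AID length bounds
        raise ValueError("AID must be 5..16 bytes")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"

def parse_select(apdu: bytes) -> bytes:
    """Validate a SELECT-by-AID command APDU and return the AID."""
    if len(apdu) < 5 or apdu[:4] != b"\x00\xA4\x04\x00":
        raise ValueError("not a SELECT-by-name command")
    lc, body = apdu[4], apdu[5:]
    # Accept the command with or without a trailing Le byte; reject any
    # other mismatch between Lc and the bytes actually present.
    if not 5 <= lc <= 16 or len(body) not in (lc, lc + 1):
        raise ValueError("Lc does not match command length")
    return body[:lc]

def parse_response(rapdu: bytes):
    """Split a response APDU into (data, status word, meaning)."""
    if len(rapdu) < 2:
        raise ValueError("response shorter than SW1 SW2")
    sw = int.from_bytes(rapdu[-2:], "big")
    return rapdu[:-2], sw, SW_MEANING.get(sw, "other")

# Constructed table: which secure element hosts which applet.
ROUTES = {
    bytes.fromhex("F0010203040506"): "eSE (S2C/NFC-WI)",
    bytes.fromhex("F00A0B0C0D0E0F"): "UICC (SWP)",
}

def route(apdu: bytes):
    """Return (target SE, response APDU) for a reader's SELECT command."""
    aid = parse_select(apdu)
    target = ROUTES.get(aid)
    if target is None:
        return None, bytes.fromhex("6A82")   # no SE hosts this AID
    return target, bytes.fromhex("9000")     # FCI data omitted in this model
```

A real applet would return file control information ahead of the status word; the model returns only SW1 SW2 so the routing decision stays visible.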

The provisioning of applets to the eSE, microSD SE, or UICC-based SE occurs via different channels.  The MNOs have largely been responsible for the provisioning of applets to the UICC-based SE via trusted third parties.  In contrast, device manufacturers are able to provision parts of the embedded secure element before it leaves the factory.  The physical connection to the secure element is one of its key differentiating factors.  Embedded secure elements are connected to the CLF via S2C.  In contrast, UICCs use the SWP pin to connect with the CLF.  When a mobile payment transaction occurs via NFC, it does so over the contactless communication interface.  The remote payment terminal exchanges information with the applet running on the secure element.  This communication passes through the CLF to the SE, either over the single wire connection to a UICC-based SE or over the two-wire (S2C) connection to the eSE, depending on which SE is running the card issuer's payment applet, such as MasterCard PayPass or ISIS.  As a side note, ISIS also provisions the UICC-based SE with loyalty and discount applets so you can take advantage of these when using NFC technology to make purchases.  The microSD card is also connected to the CLF; however, I have not covered that since microSD-based secure elements are not as prevalent yet in the United States.

It has been the intent of the OEMs (not all), silicon manufacturers (not all), and those in favor of open ecosystems, to utilize the on-board embedded secure element (eSE) for hosting the applications that are responsible for mobile payment transactions.

There are multiple parties involved in this ecosystem; they include, but are not limited to, trusted third parties responsible for provisioning applets to the secure element via the carrier network, credit card issuers, silicon manufacturers, original equipment manufacturers (OEMs), banks, mobile network operators (MNOs), software vendors such as Google, credit card manufacturers, global standards bodies such as ISO and EMVCo, trusted service managers, service providers, certificate authorities, industry associations such as Global Platform, and numerous regulating entities.  The ecosystem is complex and there are currently several successful efforts underway to standardize NFC technology and the manner in which it is used in the United States.

A key point to consider, in contrast to the solutions that have been implemented for the safe execution and storage of NFC-related mobile payment applications and sensitive account information, is that ARM® TrustZone® technology in the processor core can be utilized in a similar manner to the technologies on the eSE, UICC-based SE, and microSD SE.  ARM® TrustZone® technology also provides an ideal platform for secure key pad entry and user authentication.

ARM and Cortex are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. ARM and TrustZone are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. ARM and SecurCore are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. ARM and Keil are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, ColdFire+, C-Ware, the Energy Efficient Solutions logo, Kinetis, MagniV, mobileGT, PEG, PowerQUICC, Processor Expert, QorIQ, QorIQ Qonverge, Qorivva, Ready Play, SafeAssure, the SafeAssure logo, StarCore, Symphony, VortiQa, Vybrid and Xtrinsic are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. SMARTMX is a trademark of NXP B.V. SMARTMX2 is a trademark of NXP B.V. JCOP is a trademark of NXP B.V. Android is a trademark of Google, Inc. QNX and Neutrino are registered trademarks of QNX Software Systems Ltd. IOS is a trademark or registered trademark of Cisco in the U.S. and other countries.
