SIMalliance has published an illustration intended to help NFC service providers to understand the cost considerations of different NFC deployment models. The illustration compares the known and hidden conceptual costs of deploying NFC services via three deployment technologies: UICC (secure element), Embedded Secure Element (eSE) and Host Card Emulation (HCE). Within the visual, SIMalliance also evaluates the ‘risk of attack’ associated with each model and suggests that this is also a cost that service providers need to consider.
With the explosion of the mobile applications market, there is an unprecedented need to secure many different types of mobile service. This infographic offers an overview of the OMAPI specification and how it is being used, in conjunction with the secure element, to secure these services.
In an interview with Jane Cooper, Technology Editor at The Banker, SIMalliance Chairman Hervé Pierre discusses how near-field communication (NFC) is evolving and what banks need to consider when implementing an NFC programme.
In this workshop, held at the HCE Summit in London on 14th October, 2014, SIMalliance brought together industry experts to discuss security considerations within the NFC ecosystem and the approaches offered by HCE and SE deployment models. The workshop explored how an appropriate NFC security strategies can be identified, based on the unique security requirements of individual NFC service use cases.
This paper provides an introduction to Android’s Host Card Emulation (HCE) and explores its value to the NFC ecosystem relative to the Secure Element (SE). SIMalliance contends that while HCE is good for the NFC ecosystem as a whole (increasing end-user familiarity with NFC through additional services, driving adoption and encouraging new developers into the ecosystem), the technology remains immature, un-standardised and, relative to SE-based deployments, vulnerable to malicious attack.
In this webinar, Frédéric Vasnier, Chairman of the Board, SIMalliance, explores how the industry can most effectively encourage mass consumer adoption and weighs the relative merits of the differing TSM strategies.
Released on 02.04.2012
Webinar: Back to the Future for Application Development and Delivery
In the world before the app store, delivering an application to millions of subscribers was a long, complex process. That all changed with the appearance of the application store marketplaces. In this webinar, Michele Scarlatella, Board Director, SIMalliance, discusses the security implications of this rapidly evolving environment for application development and delivery.
Scratch the service of potential mobile transaction portfolios and it is easy to see why. Whether enabling instant international payments, credit and loan applications, stock trading, NFC retail goods payments or a host of marketing-led loyalty point collection and usage services, the opportunities appear endless.
But while market projections and developing service suites point to an industry worth in excess of $670 billion by 2015 (Juniper Research), translating this from a slideware to the balance sheet is no small task.
The likelihood of success, of course, cannot be questioned; not least because of the commitment (and investment) of the mobile industry to making it happen, or indeed the growing consumer acceptance of the mobile as a payment mechanism – which is as high as 70 percent in some markets. The associated rampant adoption of iOS and Android smartphones in developed markets, the functional possibilities they offer and the increasing market penetration of NFC-enabled handsets are also driving the market.
Consumers love their mobile devices; and there is ample evidence that should transaction services be mobilized in such a way as to offer some kind of differentiation, then consumers will adopt – whether that value is in increasing convenience for the consumer, giving them back more time, offering free ‘stuff’ or reducing the costs of goods and services. Ideally, it will be a combination of all. But the beauty of the mobile device is that it enables impulse online purchasing – from an advert seen in a train carriage or passing billboard. This will, of course, drive data traffic but also increase revenue-share returns between all the members of the mobile value chain – from the retailer right through to the mobile operator.
There are, of course, concerns. These range from the rapid ROI for mobile transaction services, how to assure the consumer adoption above, and how to build the right business models to get the money flowing through the value chain. But perhaps before all of these, we need to look to two key elements without which it will be impossible to build a platform for success; security and interoperability.
Released on 18.04.2012
Interoperability for contactless services with mobile NFC – An Introduction
Projected to account for almost a third of mobile payments transactions by 2014 (source: Research and Markets, 2010), mobile Near Field Communication (NFC) promises to revolutionise both device to device communication, and the way consumers engage, interact and transact with brands. These contactless services present a host of opportunities in payment, transportation, access control and data exchange. But addressing the challenges of the NFC world is critical to enable its success from a device, network and service perspective. Once again, the role of the ‘Secure Element’ within the device is paramount in managing authentication and certification; not only to ensure the integrity of financial transactions and data exchange throughout the NFC chain, but to deliver the required levels of interoperability as well. The white paper look at the evolving NFC services market and adresses interoperability issues. It goes a liitle further on from interoperability and touches upon secure application and service lifecycle management and details the specifications and tools SIMalliance has produced over the last ten years to advance interoperability and security in application and service development and deployment.
Released on 21.06.2011
This License Agreement (Agreement) is a legal agreement between you and SIMalliance. (Licensor), which is the owner of the specification (Specification) you will be downloading when you complete this Agreement. As used in this Agreement, "you" means the company, entity or individual that is acquiring a license under this Agreement.
By clicking on the "ACCEPT" button below, you are agreeing that you will be bound by and are becoming a party to this Agreement. If you are an entity, and an individual is entering into this Agreement on your behalf, then you will be bound by this Agreement when that individual clicks on the "ACCEPT" button. When they do so, it will also constitute a representation by the individual that s/he is authorized to bind you as a party to this Agreement. If you do not agree to all of the terms of this Agreement, click the "DO NOT ACCEPT" button at the end of this Agreement.
1. License Grant.
Licensor hereby grants you the right, without charge, on a perpetual, non- exclusive and worldwide basis, the right to utilize the Specification for the purpose of developing, making, having made, using, marketing, importing, offering to sell or license, and selling or licensing, and to otherwise distribute, products complying with the Specification, in all cases subject to the conditions set forth in this Agreement and any relevant patent and other intellectual property rights of third parties (which may include members of Licensor). This license grant does not include the right to sublicense, modify or create derivative works based upon the Specification. For the avoidance of doubt, products implementing this Specification are not deemed to be derivative works of the Specification.
2. NO WARRANTIES.
THE SPECIFICATION IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL LICENSOR, ITS MEMBERS OR ITS CONTRIBUTORS BE LIABLE FOR ANY CLAIM, OR ANY DIRECT, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THE SPECIFICATION.
3. THIRD PARTY RIGHTS.
Without limiting the generality of Section 2 above, LICENSOR ASSUMES NO RESPONSIBILITY TO COMPILE, CONFIRM, UPDATE OR MAKE PUBLIC ANY THIRD PARTY ASSERTIONS OF PATENT OR OTHER INTELLECTUAL PROPERTY RIGHTS THAT MIGHT NOW OR IN THE FUTURE BE INFRINGED BY AN IMPLEMENTATION OF THE SPECIFICATION IN ITS CURRENT, OR IN ANY FUTURE FORM. IF ANY SUCH RIGHTS ARE DESCRIBED ON THE SPECIFICATION, LICENSOR TAKES NO POSITION AS TO THE VALIDITY OR INVALIDITY OF SUCH ASSERTIONS, OR THAT ALL SUCH ASSERTIONS THAT HAVE OR MAY BE MADE ARE SO LISTED.
4. TERMINATION OF LICENSE.
In the event of a breach of this Agreement by you or any of your employees or members, Licensor shall give you written notice and an opportunity to cure. If the breach is not cured within thirty (30) days after written notice, or if the breach is of a nature that cannot be cured, then Licensor may immediately or thereafter terminate the licenses granted in this Agreement.
All notices required under this Agreement shall be in writing, and shall be deemed effective five days from deposit in the mails. Notices and correspondence to either party shall be sent to its address as it appears below. This Agreement shall be construed and interpreted under the internal laws of the United Kingdom, without giving effect to its principles of conflict of law.