SIMalliance: HCE is good for the NFC
ecosystem, but it’s no ‘silver bullet’
HCE explored and assessed in ‘Secure Element Deployment & Host Card Emulation’ discussion paper
29 April, 2014 – SIMalliance today announces the publication of Secure Element Deployment & Host Card Emulation, a discussion paper in which it contends that host card emulation (HCE) is good for the NFC ecosystem as a whole, but remains immature, unstandardised and, relative to secure element (SE) based deployments, vulnerable to malicious attack.
“HCE is a force for good in NFC, but it’s no silver bullet,’ comments Frédéric Vasnier, Chairman of SIMalliance. “It will make NFC more accessible and versatile to developers and help to speed more services to market which, as a result, will drive consumer familiarity and encourage adoption. However, service providers evaluating HCE for payment and other high-value NFC services should proceed with caution; HCE presents a new raft of challenges and has the potential to diminish both the transaction security and the end user’s NFC service experience. SIMalliance considers HCE to be best suited to lower value applications where stringent security requirements, optimal transaction speeds and always-available functionality are not mandatory.”
The paper provides an introduction to HCE and explores its value to the NFC ecosystem relative to SE-based solutions. SIMalliance maintains that HCE is most appropriately utilised in services where the emulated NFC application is not based on direct implementation of a current, pre-existing card application.
“SE-based deployments delivered via mobile network operators remain the sensible choice for high value, secure NFC services,” adds Vasnier. “In order to support this message, SIMalliance is now building on its daily contact with mobile network operators to encourage them publicly and collectively to adopt a more open, collaborative and flexible approach, both with service providers and with each other. By doing so, they will simplify NFC service deployments between mobile networks and also across national borders. This action will safeguard the future of payment and high value NFC services by enabling providers to maintain the security and usability benefits that today’s SE-NFC solutions already deliver.”
Secure Element Deployment & Host Card Emulation explores both the advantages and the limitations of HCE, providing insights and assessments on a broad range of related topics, including the investment risks for early adopters, the security fallibilities of Android 4.4, the scale of the HCE-NFC certification challenge and the prohibitive barriers to HCE acceptance in global transport and ticketing systems.
The paper, which is available to download at http://www.simalliance.org/en/se/se_marketing/, will be of interest to all NFC stakeholders currently evaluating HCE, its boundaries and its potential to contribute to the future of NFC services.
About SIMalliance (Security, Identity, Mobility)
SIMalliance is the global, non-profit industry association which simplifies secure element (SE) implementation to drive the creation, deployment and management of secure mobile services. The organisation promotes the essential role of the secure element (SE) in delivering secure mobile applications and services across all devices that can access wireless networks. By identifying and addressing SE-related technical issues, and both clarifying and recommending existing technical standards relevant to SE implementation, the SIMalliance aims to promote an open SE ecosystem to facilitate and accelerate delivery of secure mobile applications globally.
SIMalliance members represent 86% of the global SIM card market. As such, the SIMalliance’s membership is responsible for delivering the most widely distributed secure application delivery platform in the world (UICC/SIM/USIM).
SIMalliance members are Eastcompeace, Fundamenture, Gemalto, Giesecke & Devrient, Incard, Kona I, Morpho, Oasis Smart SIM, Oberthur Technologies, VALID, Watchdata and Wuhan Tianyu.
SIMalliance Strategic Partners are Comprion, Linxens and Movenda.
For more information visit www.simalliance.org
