I. Current status of city pass card applications
With the continued development of urban informatization, urban smart card systems that use the IC card as the storage and identification medium have been widely adopted in public services and financial services. The city pass card has already moved beyond the traditional application model dominated by public transportation. Cross-industry, multi-domain applications and inter-regional interconnection have become the main development directions, effectively integrating government resources and improving the government's services to the public.
The applications of the city pass card fall into eight major areas: transportation (bus, rental, refueling), consumer shopping (supermarket, convenience store), fashion life (beauty, dry cleaning), medical health, tourism development (scenic area card), casual dining, cultural and entertainment life, and payment services (water and electricity, mobile and fixed telephone charges).
At the same time, public utilities payment, financial services and personal identification, which are closely related to the public, can be effectively connected through the city pass card, so that one card serves many uses and genuinely benefits the public.
1. City pass card industry market
According to incomplete industry statistics, more than 190 cities are currently building systems under the Ministry of Housing and Urban-Rural industry standards, covering 90% of the provincial capital cities and prefecture-level cities and more than 700 million people, and the number of interconnected cards issued has reached 150 million. To date, 72 cities in the country are interconnected.
2. City pass card payment applications
1) Mainstream payment application carriers:
A full range of card products: pure contactless cards, dual-interface cards, etc., which can be loaded with different applications (PBOC, bus card, third-party payment, etc.);
Mobile terminal products: SWP SIM card, SWP SD card, NFC SIM full card, NFC SD full card, SIMpass, eSE mobile phone, NFC mobile phone, etc.;
Mobile payment terminal equipment products: POS terminals based on mobile payment services, self-service (issuing) service terminals;
Mobile payment system platform: system products built around the security core system TSM, covering key management, remote card issuance, account management and various value-added service platforms.
2) The TSM + SE ecosystem model is still maintained in mobile payment
3. Development direction of urban pass cards
In addition to inter-regional and inter-industry interconnection, the development of mobile payment applications has become one of the future directions for industry expansion. In July 2015, the central bank issued the "Guiding Opinions on Promoting the Healthy Development of Internet Finance", stating that Internet payment should always adhere to the purpose of serving e-commerce development and providing small, fast and convenient micro-payment services to society. This guidance has brought great opportunities for city pass cards in mobile payment, especially mobile payment methods with financial functions. Taking NFC as the opportunity and building on the "small and micro" character of the pass card, over-the-air card issuance, top-up and consumption, and micropayments can bring convenience to the public; under the guidance of the national "Internet +" policy, the city pass card will explore new directions.
II. Application of HCE technology in the field of city pass cards
1. Review of mobile payment technology: NFC
Near Field Communication (NFC) brings contactless IC card applications into the mobile phone, using the phone as the carrier. It has three main modes: peer-to-peer, card reader and card emulation. It supports a variety of applications such as payment, identity authentication and information exchange, which can greatly facilitate our work and life and let us easily enjoy the "swipe" lifestyle.
The first two modes are the ones currently used in the market. For example, two phones touched together establish a connection in peer-to-peer mode and transfer files, and reading a bus card's balance and transaction records by holding it against the back of the phone uses card reader mode. Card emulation mode is what we call the phone emulating a card. Card emulation currently relies on storing all sensitive information in a security chip called the SE to ensure the security of the whole environment. A chip in the mobile device called the NFC Controller routes data according to the mode of the NFC application. In card reader and peer-to-peer modes, information is routed to the host CPU, while in card emulation mode, data is routed to the SE chip for authentication, encryption and decryption. It is precisely because of this that all parties in the industry see the SE as the door to the "mobile wallet": whoever controls the SE can hold a position across scenarios such as payment, membership cards, coupons, identification, transportation and access control.
There are currently three forms of SE: UICC (based on the phone's SIM card), embedded SE (eSE, a dedicated SE chip embedded in the phone), and the SD card solution. The SD card solution, however, requires a phone that supports SWP-SD; there are still too few such models on the market, and experience with multi-service applications is also lacking. In the city pass card industry, the embedded SE approach is chosen: the SE is embedded in the card to ensure the security of the card application.
2. Overview of HCE Technology
HCE (host card emulation) is a new technology introduced by Google in the Android 4.4 (KitKat) version released at the end of 2013. The Chinese name is "host card emulation technology". Based on this technology, VISA and China UnionPay have successively released HCE cloud payment technology specifications, in which mobile app software simulates the security technology of the chip card to carry out bank card issuance and transactions.
The emergence of HCE has changed the traditional routing method. Data in card emulation mode can be routed to an HCE service in a mobile app, removing the dependence on the traditional SE chip carrier: software installed on the host that calls the HCE service takes the place of the SE. The card keys of the various applications are stored on a cloud server (the alternative is local terminal mode, where the key is kept on the local terminal, mainly for small offline payments); when a transaction proceeds, the host CPU retrieves the corresponding key from the cloud to perform authentication. The HCE protocol stack currently implements the relevant ISO 14443 and ISO 7816 specifications and can support the commonly used NFC card emulation applications.
HCE technology protocol features: supports the APDU protocol; compatible with AID-entry application scenarios (such as DC, EC, qPBOC and EDEP); supports ISO 14443-3 Type A/Type B; supports Android-managed ISO 14443-3 contactless protocol parameters.
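The routing change described above can be modelled in a few lines. This is an added example, not code from the original article or from Android: it parses the ISO 7816-4 SELECT-by-name APDU and decides whether a card emulation session is handed to the host (an HCE service) or to the SE. The AIDs, the routing table, the class and function names, and the status word returned before any selection are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

SW_WRONG_LENGTH = bytes.fromhex("6700")
SW_NOT_SELECTED = bytes.fromhex("6985")   # this model's choice: nothing selected yet
SW_AID_NOT_FOUND = bytes.fromhex("6A82")  # file or application not found

# Constructed AIDs in the proprietary 'F' range; both are hypothetical.
HCE_AID = bytes.fromhex("F0010203040506")  # handled by an app's HCE service
SE_AID = bytes.fromhex("F00102030405FF")   # handled by an applet in a hardware SE
ROUTES = {HCE_AID: "HOST", SE_AID: "SE"}


class Decision(NamedTuple):
    dest: Optional[str]   # "HOST", "SE", or None when the router rejects
    sw: Optional[bytes]   # status word sent by the router on rejection


def build_select(aid: bytes) -> bytes:
    """SELECT by DF name: CLA=00 INS=A4 P1=04 P2=00 Lc AID Le=00."""
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"


def parse_select_aid(apdu: bytes) -> Optional[bytes]:
    """Return the AID of a SELECT by name, or None for any other command.

    Raises ValueError when the APDU or the SELECT is malformed.
    """
    if len(apdu) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    if apdu[:3] != b"\x00\xA4\x04":
        return None
    if len(apdu) < 5:
        raise ValueError("SELECT without Lc")
    lc = apdu[4]
    aid, trailer = apdu[5:5 + lc], apdu[5 + lc:]
    if len(aid) != lc or len(trailer) > 1:   # at most one Le byte may follow
        raise ValueError("Lc does not match the data field")
    if not 5 <= lc <= 16:
        raise ValueError("AID must be 5 to 16 bytes")
    return aid


class CardEmulationRouter:
    """Tracks which execution environment owns the current NFC session."""

    def __init__(self, routes):
        self.routes = dict(routes)
        self.selected = None

    def process(self, apdu: bytes) -> Decision:
        try:
            aid = parse_select_aid(apdu)
        except ValueError:
            return Decision(None, SW_WRONG_LENGTH)
        if aid is None:  # non-SELECT commands follow the current selection
            if self.selected is None:
                return Decision(None, SW_NOT_SELECTED)
            return Decision(self.selected, None)
        dest = self.routes.get(aid)  # exact match only in this model
        if dest is None:
            self.selected = None     # this model's choice: failed SELECT deselects
            return Decision(None, SW_AID_NOT_FOUND)
        self.selected = dest
        return Decision(dest, None)

    def link_lost(self) -> None:
        """Field removed: the selection does not survive the session."""
        self.selected = None
```

The point for a defender is the `"HOST"` branch: every APDU routed there is handled by ordinary application code on the open operating system rather than inside tamper-resistant hardware.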
3. Comparison of HCE technology and SE technology
Here the HCE solution is compared with the NFC full-terminal mobile phone solution. The full-terminal solution still integrates the NFC chip and the SE into the phone; the phone client interacts with the security chip SE through the baseband processor and can access the SE in client mode to perform application loading and other personalization operations. The biggest difference from HCE technology is that the full-terminal solution still needs a hardware SE security chip built into the phone.
4. HCE technology combined with TEE
HCE's biggest attraction is that it gives the application side an independent, lightweight client solution. Costs are reduced and the industry chain is shortened at the same time. The city card has multiple application requirements, and security is always a hurdle that mobile payment has to clear.
HCE only delivers data from the NFC reader to the HCE app (the application is provided by each sub-sector) and returns the reply data to the NFC reader. How that data is processed and how sensitive information is stored are not specified, so in the end HCE is a protocol and implementation that simulates communication between NFC and an SE. HCE does not implement the SE function. It only uses the form of NFC-to-SE communication toward the NFC reader, while what sits behind it is the cloud (that is, the cloud connected to the mobile phone system), so that the security of the NFC service is completed by a virtual SE. However, actual user behaviour and the processing in each city's card payment application software are often uncertain, and security cannot be guaranteed in abnormal situations such as a user rooting the system, third-party malware obtaining system privileges, counterfeit applications, and background attacks.
Because it lacks the protection of a physical SE, a city card application that uses HCE cloud payment needs to be combined with other security hardening schemes to ensure payment security. HCE mobile payment based on a TEE (Trusted Execution Environment) will be the most reasonable solution. The TEE provides a security framework that sits between the common Rich OS and the SE; its aim is to isolate highly security-sensitive applications from the general software environment, and it can securely provide access to hardware resources such as secure storage, secure displays and user interfaces. Here is an analysis of the UnionPay HCE-based mobile payment process framework, as shown in the following figure:
The following figure shows the HCE APP local authentication mechanism with enhanced security after combining TEE:
Combined with the TEE mobile solution, the existing cloud payment platform can be kept without modification, and the client's security operations and storage can be moved directly to the TEE side. By default, the Trusted OS starts independently of the operating system. With privileged access to device resources, it provides a secure storage and running environment for authorized applications, preventing sensitive applications and data from being attacked by malicious software from the open operating system. Protecting the confidentiality and integrity of the application and data also ensures the security of both the HCE local payment mode and the cloud payment mode. Of course, the combination of HCE and Token technology is another mature cloud SE security solution, which will not be discussed in detail here.
5. HCE technology promotes city pass card mobile payment applications
1) Mobile payment application promotion
In promoting mobile payment for the city pass card, the main tool is the NFC terminal product combined with the mobile phone. To suit the usage habits, economic income and promotion advantages of different groups in real life, these products can be divided into SWP SIM card, SWP SD card, SIMepay, SDepay, SIMpass, eSE mobile phone, NFC mobile phone and other related forms.
The SWP SIM card is one of the most popular NFC mobile payment products for mobile operators. SWP SIM is an international standard for SIM cards: a SIM card of the new standard is used as the security chip, and the card number and password are stored in the SIM card to carry out NFC mobile payment. The advantage is that the connection between the NFC chip and the SIM card in the NFC phone uses the C6 (SWP) contact, which does not affect the SIM card's high-speed over-the-air data download. In this design the NFC chip and the security module are separate: security-sensitive applications such as payment are loaded on the SIM card, and non-security applications are installed in the mobile client. According to internal industry statistics, SWP SIM card shipments increased at an annual rate of 95% in 2014. However, from the perspective of the industrial chain, mobile operators control the application and mode of the city pass card business, which implicitly restricts the development of city pass cards.
(SWP SIM solution)
(SIMepay solution)
The SWP SD card is also one of the NFC mobile payment products. The Service Provider (SP) can issue the SD card itself, so the NFC service can be developed independently of the mobile operator; financial industry organizations are therefore more willing to adopt this approach when they are in the leading position. However, the SWP SD card solution requires phones that support SWP-SD, and mobile phone manufacturers have not adopted this technology. In addition, one SWP SD card can only support one SP service. Users who want several types of service must switch between different SWP SD cards, and the switching process is cumbersome and costly. SIMepay, SDepay, SIMpass, eSE mobile phones and NFC mobile phones carry higher costs and have seen less promotion.
2) HCE technology accelerates the transformation of urban pass card industry
HCE will be the connection point between online and offline business. HCE enables card issuers to issue "soft cards" on their own, removes the dependence on a physical SE, brings the original offline card business online, and establishes a real-time channel for interacting with card users, which is a revolutionary change. Combined with accurate big data analysis, it can go further and build an intelligent membership analysis system. The following are mobile payment service transaction processes using HCE technology.
HCE APP local authentication (front-end offline) payment service:
HCE APP cloud payment service:
6. Discussion on wearable mobile payment combined with HCE technology
Cloud payment with HCE technology is constrained mainly on the "soft" and the "hard" side: the Android 4.4 (KitKat) system and NFC hardware. As is well known in the smartphone industry, Android updates roll out too slowly and reach too few users, and most smartphones do not support NFC. Even though data show that by 2018 two-thirds of the world's mobile phones will support NFC and NFC mobile phone shipments will reach 1.2 billion units, acceptance of NFC by domestic users still needs to improve, especially as the frequency with which users replace their smartphones is below the Asian average. As for how to break through the "hard" restrictions on HCE development in a more convenient and economical way, wearable payment products will be the next key "hard" power.
We can envision moving the NFC near-field payment module out of the smartphone and building it into a wearable payment product. During a payment interaction, HCE app authentication, APDU service processing and the like are performed by the mobile phone and the cloud payment platform over the Bluetooth channel.
This approach can address the low adoption of NFC phones without changing the usage habits and experience on the client side. Wearable payment products have always been among the products that enhance the user experience and improve users' acceptance of emerging technologies. They mostly take the form of smart bracelets and smart watches; perhaps because of the Apple Watch, bracelets and watches have the highest recognition among smart wearable devices. Whether judged by cost or by user experience, the learning cost compared with smartphones is relatively low. As an emerging carrier for near-field payment, wearable products are a theoretical solution for breaking through in the promotion of cloud payment applications based on HCE technology.
7. Feasibility analysis of HCE technology in card applications
1) Analysis from end user usage habits and user experience
There are too many restrictions on the application of HCE technology. The first is that the payment carrier must change to a mobile device running Android 4.4 (KitKat) that also has an NFC Controller module; only then is applying HCE meaningful. At present, the mainstream mobile phone manufacturer Samsung has a market share of 30% in the global smart mobile device market, and only shipped 41.1 million units in 2013. Most of these smart products support NFC applications, including Samsung Galaxy Note II, Galaxy Note III, Galaxy S3, Galaxy S4, Galaxy S4 Active and Samsung Xoom. Although a certain proportion of Samsung's mobile devices support NFC, Android 4.4 (KitKat) runs on less than 2% of all NFC smart devices, not to mention that in 2015 the penetration of NFC-capable phones across global mobile device manufacturers is only about 20%, far below expectations. On the other hand, end users must change the tool they use, which obviously increases the upgrade cost. Other situations also have to be mentioned: a consumer cannot make a mobile payment when the phone's battery is dead, and in transportation electronic-ticket applications the execution time is longer than with hardware solutions; both will hinder the popularity of HCE technology in the market. These are also factors to consider when promoting the development of HCE-based cloud payment.
2) Analysis from the perspective of payment security
Given the security of the Android system itself, HCE authentication information is not stored in the system, and complete end-to-end encryption is also required, including tokenization and compatibility with existing specifications, which increases the cost of building an HCE system. It also means that once the key system stored in the cloud is compromised, payment security will fall into systemic risk.
HCE technology is more suitable for closed-loop application environments with lower security requirements, such as membership cards and coupons. It is also suitable for some application environments of card payment.
3) Analysis from the perspective of industry chain
HCE technology greatly simplifies the long and complicated NFC mobile payment industry chain, freeing card issuers from their long-term dependence on the SE and giving them truly independent control over it. Under the HCE model, relying on cloud SE service infrastructure, card-making units such as Eastcom and Equity and card issuers will effectively control access rights to the cloud SE, and the roles in the industry chain will slowly change. The industrial structure and its future direction will go through a transition period.
8. Strong support for mobile finance at the level of industry policies and standards
1) Government promotion
Under China's particular national conditions, any feasible innovation, technological breakthrough and its popularization are inseparable from the promotion of national government policy. From inside the smart card industry it is known that the card mobile payment specification issued under the lead of the Ministry of Transportation also specifically supports the technical application of HCE.
"Traffic card mobile payment specification" Part 3: Near-field payment mentions that "cloud payment transaction model refers to users through the client software or application management terminal to complete identification, comparison and authentication transactions, user accounts, application passwords, etc. The personal identity information can be stored in the cloud platform, using HCE, TOKEN and other mechanisms to achieve security authentication, without the support of the SE entity, as shown."
2) Industry promotion
In the era of the mobile Internet, mobile payment is developing at high speed, and innovative mobile financial applications are emerging one after another. Cloud payment based on HCE has recently become a hot spot, and several major banks are involved. Following the launch of the HCE cloud payment credit card by the domestic ICBC, Weifang Bank, Nanjing Bank and China CITIC Bank also launched corresponding cloud payment products. It is understood that BOC, CCB and UnionPay are also actively deploying relevant HCE products. Abroad, the smart card industry chain as a whole, including VISA, Bankinter, PrivatBank, CARTA Worldwide and NXP, is generally optimistic about the application prospects of HCE, Tokenization, TEE and similar technologies, which have been widely welcomed by the industry.
Summary
With the shift from smart card payment to mobile and digital payment, the whole smart card industry is rethinking its direction. According to Eurosmart, the European Smart Card Association, the shipment of SE security components will reach 901 million in 2015. Now, with the development and application of HCE, Tokenization, TEE and other technologies, the spread of NFC mobile devices will bring changes to the entire mobile payment industry.
Banking business and services have embarked on the path of transformation and upgrading toward Internet finance. For the future development of the urban card, we have been following the integration of cloud computing and big data technology; new mobile products and new service methods based on cloud computing + software SE + Token + TEE technology will be the future choice.
In the face of the digitalization trend, HCE's payment methods in the future must be diversified and integrated. We cannot predict the direction of the smart card industry. What we need to do is accept and apply new technologies and methods to promote the development of the entire smart card industry.