Create a Secure NFC Environment in the Cloud

By Robert R. Sabella

One method of creating a secure Near Field Communication (NFC) environment is to rely on Host Card Emulation (HCE). When using HCE, you don’t need a Secure Element (SE), although in some instances an SE can be used. With HCE, an application running on the host processor of the mobile device performs the card emulation transaction with the external reader. The major benefits of using HCE are as follows:

  • Reduces application complexity for developers
  • Reduces hardware requirements, which opens NFC up to new applications
  • Makes provisioning card support for a mobile device easier and more flexible
  • Frees you from depending on the SE owner or the Mobile Network Operator (MNO)

Of course, you don’t get all these benefits free. You also have some downsides to consider with HCE:

  • Lack of hardware-secured data storage and credentials on the device
  • Dependence on the operating system used
  • Use of an alternative security setup, which increases backend complexity

As with most other technologies, HCE follows a process to secure your transactions. Here’s a quick rundown on how the technology works:

  1. Someone initiates an HCE payment.
  2. The mobile device creates an NFC/in-app transaction.
  3. The application creates an authorization message.
  4. The authorization message travels to the cloud.
  5. Various cloud applications route the message to provide the required response.
  6. The mobile device receives the response message.
  7. A host synchronization process occurs.
  8. The payment issuer updates the user’s credentials — making the payment.
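
The authorization round trip in steps 3 through 8, sketched as an added example that is not from the original article or from any payment scheme's specification. It assumes the cloud issues single-use keys and that HMAC-SHA256 stands in for the scheme's real cryptogram; the class, field, device and merchant names are hypothetical.

```python
import hashlib, hmac, json, secrets
FIELDS = ("device_id", "counter", "amount", "merchant")
def mac(key, msg):
    # HMAC-SHA256 is an assumed stand-in for the scheme's cryptogram.
    body = json.dumps({f: msg[f] for f in FIELDS}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class CloudIssuer:
    """Cloud side (steps 4, 5 and 8): one single-use key per device."""
    def __init__(self):
        self.keys = {}  # device_id -> (counter, key)
    def provision(self, device_id, counter=0):
        key = secrets.token_bytes(32)
        self.keys[device_id] = (counter, key)
        return {"counter": counter, "key": key}
    def authorize(self, msg):
        counter, key = self.keys.get(msg["device_id"], (None, None))
        if key is None or msg["counter"] != counter:
            return {"approved": False, "reason": "stale or unknown credential"}
        if not hmac.compare_digest(mac(key, msg), msg["mac"]):
            return {"approved": False, "reason": "bad mac"}
        # Step 8: retire the used key and hand back the next one.
        return {"approved": True,
                "next_credential": self.provision(msg["device_id"], counter + 1)}

class HceApp:
    """Device side (steps 1-3, 6, 7): the key lives in app storage, not an SE."""
    def __init__(self, device_id, credential):
        self.device_id, self.credential = device_id, credential

    def build_authorization(self, amount, merchant):
        msg = {"device_id": self.device_id, "counter": self.credential["counter"],
               "amount": amount, "merchant": merchant}
        msg["mac"] = mac(self.credential["key"], msg)
        return msg

    def sync(self, response):  # step 7: host synchronization
        if response["approved"]:
            self.credential = response["next_credential"]

def demo():
    issuer = CloudIssuer()
    app = HceApp("device-01", issuer.provision("device-01"))  # constructed IDs
    first = app.build_authorization(1250, "merchant-A")  # amount in minor units
    ok = issuer.authorize(first)
    app.sync(ok)
    replay = issuer.authorize(first)  # same message presented a second time
    altered = dict(app.build_authorization(1250, "merchant-A"), amount=999999)
    bad = issuer.authorize(altered)  # amount changed after the MAC was computed
    nxt = issuer.authorize(app.build_authorization(300, "merchant-B"))
    return ok["approved"], replay["reason"], bad["reason"], nxt["approved"]
```

Because the device holds only a key that is valid for one transaction, the backend has to track counters and reissue credentials on every sync, which is the added backend complexity listed among the downsides above.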