1. Thomas de Lazzari Smart-University 2009
Architecture & Development of NFC Applications Mobile Java development, Java Card, USIM and touch-based services
Thomas de Lazzari
Smart-University 2009

2. Presentation
Project Manager at the University of Nice with Serge Miranda
Ticket TAP
Campus Nova
NFC Container
NFC Forum competition (WIMA, Monaco)
R&D Team in Morocco (mobile money transfer)
Blog:

3. Campus Nova
NFC trial with Credit Agricole and mobile payment at the student cafeteria in Sophia-Antipolis

4. Receive personalized offers  Read and seek valuable offers
Ticket TAP
mobile is digital, targeted and personal
VS.
Receive personalized offers 
Read and seek valuable offers
50% reduction for girl students at the star light Dance Club ?
Come & see us:
Get 10% off ladies bags until tomorrow
Present
Future

5. Partners

6. Objectives Introduction to NFC, its Ecosystem
Radio Frequency Identification
Contactless cards
Standardization bodies
Roles and Actors
NFC tags
NFC on a SIM card
Smart Cards
NFC services
use cases
Pilots and business aspect
Available devices

7. Objectives (2) NFC for developers Dev kits Reading/Writing tags APDU
JSR 257 & 177
Java Card
PC/SC readers JSR-268
Midlet
SCWS
Demo and Examples
Conclusion

8. Mobiquity MOBIlitY (Mobile) UbiQUITous (Internet)
One of the major added value for NFC is the security of third party applications provided by the SIM card.

9. Google Android

10. ATAWAD
Google is going from web to mobile. This means you can now create a contact or an entry in your calendar from your mobile and data is automatically replicated not on the SIM but on Google servers (trust and private life is another debate). 
ATAWAD = Any Time, Any Where, Any Device
They start from the needs without necessarily innovate.
They did not create the search engine, they just improved it.
In 5 years we’ll probably say: "they didn’t create the mobile, they’ve just improved it."

11. Needs of NFC ? NFC is not like GPS NFC strenghts NFC in SIM card
The value chain and the different roles are complex.
NFC strenghts
Smart poster.
Configuration shortcut.
NFC in SIM card
Digital signature.
Secure payment.
Handset manufacturers Nokia, Apple, ... must agree with MNOs Orange, SFR, ...

12. Introduction to NFC,
its Ecosystem
PART 1

13. RFID RFID : Radio Frequency Identification
RFID Tags: Store and retrieve data (with a distant reader)
History : radar technology, cow identification (year 1970).
Use case examples: road taxes, trace books in libraires, access card, shops (Wall-Mart).
RFID tags types
Active
Passive (without battery)

14. Best compromise for most cards and tickets
RFID Frequencies
KHz
Round corners
Through most things
No radiation problem
No reflection problem
Cheaper electronics
13.56MHz
1m max range
Doesn’t work through metal and fluids
UHF
Long range (up to 10m without battery)
GHz
Long range
High data rate
Smallest
Best compromise for most cards and tickets
CONVEYANCES, VEHICLES, LIBRARY, LAUNDRY, ITEM LEVEL TAGGING, BANKNOTES, ERROR PREVENTION, SECURE ACCESS, AIRPORT BAGGAGE
ANIMALS, BEER BERRELS, GAS CYLINDERS, SHOES OF MARATHON RUNNERS

15. From RFID to NFC Can communicate with objects Magnetic field induction
Contactless technology based on RFID 13,56MHz
NFC is standardized ECMA-340 and ISO/IEC 18092
Backward compatibility with ISO14443 and SmartCard
Millions of readers
Easy to use

16. Contactless Cards 85%+ of the access control / Ticketing
FELICA (sony) encryption key generated dynamicaly at each auth.
Topaz Tag Innovision
MIFARE Standard:
512bits UL (no security) used for tickets
Other formats : 1K (768 Bytes data), 4K
The 16bits random of MIFARE has been hacked
NXP announced MIFAREplus
MIFARE DESFire preprogrammed card Example: Oyster Card in London
Gemalto: Mifare 4 Mobile
Contactless Java Card
85%+ of the access control / Ticketing
ISO14443 market is Mifare®

17. NFC NFC FORUM http://www.nfc-forum.org
NFC allows a device to read and write a contactless card, act like a contactless card and even connects to another NFC device to exchange data.
3 modes :
Card reading (MIFARE …)
Peer to peer (initiator & target)
Card emulating
Distance : centimeters
Bandwidth to 424 kbits/s
NFC Forum : NDEF specs
N-Mark:

18. Standardization bodies
ETSI / SCP (Smart Card Platform) to specify the interface between the SIM card and the NFC chipset.
EMVCo for the impacts on the EMV payment applications.
GSM Association
Mobey Forum for mobile financial services
AFSCM is French association for mobile contactless
Download specifications here:
Global Platform to specify a multi-application architecture of the secure element.
Etc.

19. NFC FORUM SPECS Peer to peer mode Read/Write mode Card emulation mode
Applications
LLCP
(Logical Link
Control Protocol)
RTD
(Record Type Definition)
&
NDEF
(Data Exchange Format)
Card
Emulation
(Smart Card Capability
for Mobile Devices)
RF Layer ISO ISO Type A, Type B + FeliCa

20. Smart Poster Specifications Location based services
List of proximity services depending on Points of Interest
Trailers
Tickets booking
From SMS push to Smart Poster « pull »
Specifications
NFC Forum releases specification for NDEF.
NFC Data Exchange Format which is a way to « format » RFID tags to be compatible with NFC applications.
Works with MIME type.

21. Smart Poster RTD MAY SHALL
Action record values
Value
Action
Do the action (send the SMS, launch the browser, make the telephone call) 1
Save for later (store the SMS in INBOX, put the URI in a bookmark, save the telephone number in contacts) 3
Open for editing (open an SMS in the SMS editor, open the URI in an URI editor, open the telephone number for editing).
For example, the Smart Poster record defines a URI plus some added metadata about that URI.
MAY SHALL

22. NFC Forum tag types http://www.nfc-forum.org/specs/
Interoperability between tag providers and NFC device manufacturers
Type 1, based on ISO14443A. Tags are read and re-write capable; users can configure the tag to become read-only. Memory availability is 96 bytes and expandable to 2 Kbytes. Communication speed is 106 Kbit/s.
Type 2, same as Type 1 except that memory availability is 48 bytes and expandable to 2 Kbytes.
Type 3 is based on FeliCa. Tags are pre-configured at manufacture to be either read and re-writable, or read-only. Memory limit is 1Mbyte per service. Communication speed is 212 Kbit/s or 424 Kbit/s.
Type 4, fully compatible with ISO14443A and B standards. Tags are pre-configured. Up to 32 Kbytes per service. Communication speed is up to 424 Kbit/s.

23. OTA NFC Service Management Contactless service management platform
NFC Roles and actors
Service
provider
Application owner
Mobile station holder
POS
NFC
SIM
Trusted Service
Manager (MNO or TTP)
OTA NFC Service Management
Contactless service management platform
Card Issuer MNO
(SIM Card management system)
SIM Card Manufacturer
(Smart Card provider)

24. TSM Final user Customer SIM Application GUI NFC service provider 3 2 1
NFC service operator
Life cycle management system for mobile NFC applications 3
NFC applications repository
Service profile platform 2
Operator information system
Customers data
Profile data 1
cardlets
Customers management database
Webapp
KS FS
Interfaces
TSM
SDD management system
Subscribe
a service
KS SSD
Mobile domain
SIM
management
system
Customers management database
Card management system
Subscribe a service
KS ISD
Customer service
Mobile operator
Network access
Subscribe a service
SIM card
Application
Customer
Application data
Final
user
KS FS
GUI

25. Use case: phone is lost Service provider Mobile operator TSM Customer
Tells phone has been lost
Tells customer has new SIM card
Service installation request after customer registration
Mobile operator
TSM
Tells phone has been lost
Tells customer has new SIM card
Services management & referral for SP
Ask for token (delegated management)
Ask applet installation via ISD (MNO centric model)
Customer
Install NFC services

26. Global Platform - security domains
Mandated DAP
(applications integrity at plaform level)
Issuer Centric
(only ISD management)
DAP Verification
(application integrity by SSD)
Delegated Management
(token management)
Authorized Management
(dual management)
Low TRUST High
High CONTROL Low
By Gemalto

27. NFC on a Mobile Phone one thing among all
GPS
Screen with a user interface
Security
Keyboard
Contactless
Loudspeaker and Microphone TV
Camera
Network
etc.

28. NFC Architecture

29. NFC in a SIM Card
PART 2

30. Smart Card
Piece of plastic the size of a credit card hosting an electronic circuit that can store and process information.
The integrated circuit (chip) may contain a microprocessor capable of processing this information, or it can only contain non-volatile memory with a security component (memory card).
Smart cards are mainly used as means of personal identification (identity card, access badge to buildings, health insurance card, SIM card) or payment (credit card, electronic purse) or proof of subscription to prepaid services (calling card, ticket).
Contact or Contactless smart card readers are used as a communications medium between the smart card and a host (point of sale).

31. Smart Card used in France for healthcare refunds (Carte Vitale)

32. Smart Card history
1968
The automated chip card was invented by German rocket scientist Helmut Gröttrup and his colleague Jürgen Dethloff.
French inventor Roland Moreno actually patented his first concept of the memory card.
Michel Ugon from Honeywell Bull invented the first microprocessor smart card.
Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto- program the chip.
1974
1977
1978

33. Smart Card until today
1983
The first mass use of the cards was for payment in French pay phones (Bull CP8).
Smart Card is standardized ISO 7816.
The second use was with the integration of microchips into all French debit cards.
First Java Cards.
Axalto and Gemplus, at the time the world's no.2 and no.1 smart card manufacturers, merged and became Gemalto.
1987
1992
1997
2006

34. Smart Card categories Contact card Contactless card Memory card
Microprocessor card

35. The memory card EEPROM read/write memory (4K max) Advantages Drawbacks
Ex: Mifare
Advantages
Simple
Cheap
Drawbacks
Security (easy to duplicate)

36. Very secure for a reasonable cost
Microprocessor card
Microprocessor used by the application running on card to calculate operations.
Each card can be personalized and updated after manufacture (for banks with more than customers). 
Credentials can be updated while the card is inserted in a bank automat for example.
Very secure for a reasonable cost

37. Smart Card security Information stored can be protected by a PIN code
Cryptographic operations
Circuit is shielded
Unique serial number
Software security
Access control to data
Data integrity
IN/OUT firewall

38. Smart Card anatomy CPU: Control Processing Unit
SRAM: Static Random Access Memory
ROM: Read Only Memory
Static
Store the Operating System
EEPROM: Electrically Erasable and Programmable Read Only Memory
Persistent
CRYPTO:  Cryptographic processor
RNG:  Random Number Generator
Used to generate keys

39. Smart Card connectors A Smart Card has 8 connectors : (ISO7816-2)
C1 Vcc
C2 RST
C3 CLK
C4 RFU (Reserved for future use)
C5 GND
C6 Vpp (old EEPROM)
C7 I/O (bi-directional, in half-duplex mode)
C8 RFU (Reserved for future use)

40. Contactless Card
ISO defines the standard for Contactless Card.

41. Smart Card applications
Secure a computer
Store internet security certificate
Hard drives can be encrypted using and attached Smart Card
Used to authenticate a user on the computer (at login screen)

42. Smart card applications
Payment
Credit card, SIM card, TV Channel card, Access card
Transports
Electronic purse (coffee machine)
Identification
PKI
Digital signature
Can store biometric data
2009 in Spain and Belgium: eID card
2 certificates: one used to authenticate and one to apply the digital signature (real legal value)

43. Pyramid of Authentication Technologies
Higher level of security offered for highly valued information
PKI
Biometrics
Digital Signature Certificate - PKI
Digital Signature Certificate – PGP
Password + SSL
Password/Tokens
(without encryptions)
User private key is kept in a device such as a smart card. Biometrics are also used to protect key.
User’s private key is stored on a portable computer device such as a disk.
User name and password authenticates
User – PGP encrypts data.
SSL encrypts data.

44. NFC potential, services
and devices
Part 3

45. NFC on iPhone http://www.nearfield.org/ NFC already on iPhone:
Stickers, 30-pin RFID readers, SIM add-on…

46. Added value services Exchange data, P2P
Configuration (bluetooth pairing)
Vending machines, service maintenance
Loyalty, couponing
NFC poster, get information
Ticketing
Medical, home care
Web applications
Payment solution
Access control
Mobile signature
Etc.

47. NFC Use cases
by Nokia

48. Mobile Ticketing
A customer books two tickets for a concert.
He pays and downloads his tickets on his mobile phone with a simple touch.
He meets with his girlfriend and transfers the ticket on her mobile.
They arrives and unlock security gates thanks to their NFC mobile phone.
14 millions RFID tickets were produced by ASK for Olympic Games in China - 
Mobile ticketing will become more popular over the next few years, with 2.6 billion tickets worth $87 billion, delivered by
Juniper Research (April 2008)

49. NFC in the World (2009) http://www.nearfieldcommunicationsworld.com
Japan with Sony FeliCa, NTT DoCoMo NTT Docomo reports 10 million mobile credit card customers
StoLPaN « Store Logistics and Payment with NFC » is a pan- European consortium supported by the European Commission’s Information Society Technologies program:
Akbank and Turkcell test NFC in Istanbul
Visa launches NFC trial in Brazil
Citi launches NFC trial in India
Telefónica launches O2 Money, says it is ready to deploy NFC
Nokia Money
41 NFC-related trials and launches in the Asia-Pacific region so far…
etc.

50. NFC in France (2009)
Disneyland Paris to test NFC and contactless cards from October 2009, with Crédit Mutuel and CIC banks.
Smart-Park with VINCI Park and Monext.
Paris Metro: Paris transport operators to launch NFC ticketing from the end of STIF will coordinate the Paris transport operators (Optile, RATP and SNCF Transilien) and the participating telecoms operators (Orange, Bouygues Telecom and SFR).
Pegasus workgroup: multi-operator (Orange, Bouygues Telecom, SFR), multi-bank (BNP Paribas, Groupe Crédit Mutuel-CIC, Crédit Agricole, Société Générale) with MasterCard, Visa Europe and Gemalto for mobile payment in two cities: Caen and Strasbourg
Nice NFC city nice-ville-nfc

51. NFC gives sense to touch based services
Display
Components of an object hyperlinking scheme
Object
Mobile device
Wireless service provider
Reader
Tag
+ URL
Information on Objects
NFC is not a Bluetooth replacement. NFC is not made to transfer objects.
One of the key argument for NFC is to pair a Bluetooth device.
More than wireless.
Proximity and contact.
Secure payment.

52. NFC tomorrow
Hard beginning Three years ago, ABI Research predicted half of mobile phones in the world will be NFC ready in 2009.
Juniper research, september 2009:
NFC Mobile Payments to Exceed $30bn by 2012, Supported by Revenues from Mobile Coupons and Smart Posters
June 2009: Top handset manufacturers begin sampling NXP’s PN544 NFC chip The PN544 NFC controller is the first fully industry standard NFC handset chip, offering compliance with the Single Wire Protocol and with Mifare.

53. NFC tomorrow
In a recent presentation, Sony Ericsson says mobile NFC will take
more than 5 years to become mass market.

54. NFC keys of success Complex value chain + Mobile OTA B2C battle
Reach and availability
The availability of NFC phones and SIM card
Variety of use
Ease of use
See iphone
Security
Be able to lock payment card
Added value services
Advantage for customer ?
Infrastructure
NFC access points in shops
Complex value chain +
Mobile OTA B2C battle

55. NFC Devices NFC Phones using single wire Protocol and UICC (08/2008)
The Sagem my700X
The LG L600V
The Nokia 6131 SWP
The Motorola SLVR L7
All devices are more or less concept devices and come with an InsideContactless NFC Chip.
In order to develop applications with these devices a Dev Kit (like the Gemalto Developer Suite) and a SWP UICC is required. All four devices are already capable of using SCWS.

56. NOKIA 6212 Java MIDP 2.0 Bluetooth 2.0 2 megapixel camera
3G connection
Share business cards, bookmarks, calendar notes, images, profiles, and more.
Contactless payment and ticketing capabilities.
Access to mobile services and information with a simple touch.
Uses Java specification requirement 257 (JSR 257) for third-party NFC applications.
Jeremy Belostock on the future of NFC

57. Nokia 6216 First SIM-based NFC handset by Nokia
normal availability appr. Q1/2010
Nokia 6216
First SIM-based NFC handset by Nokia
Capable of storing credit card, user account and other security details on the SIM card,
See video,
Jeremy Belostock, NFC, and operators

58. Security and memory for RFID tags vs cost
National ID card
Passport label / page
Aircraft part tag
Security and/or memory size
Secure access or credit card
Transit card
Transit ticket
Specification typically ISO or (read distance to 50 cm)
Library book label
Item drug label
Retail pallet
/ case label
7cents Chip cost dollars

59. NFC requirements
Integration at a POS level: define an application protocol
NFC services such as access control must also work if Mobile is OFF
See, battery levels and thresholds of mobile phones
Certification and Mobile signature (Wireless PKI)
What is the added value if service already exists
Backward compatibility: MIFARE type A / type B
Mesure social impact before
Service Providers need interfaces (SOA) with MNO and TSM
Tickets or direct payments
OTA customization for Service Profiles
See AFSCM specifications
Interoperability with different phone OS & manufacturers
Allow different secure chip or flash memory ?
Customer understanding between different applications such as paypass, electronic purse, credit card emulation

60. NFC for developers
Part 4

61. Developing on a Mobile Phone is
except on iPhone 
J2ME OS
NFC Chip & SIM
What are the solutions to develop a 3rd party
application on a mobile phone
Different operating systems, browsers, etc.

62. NFC Phone Architecture
OTA
Single Wire Protocol (SWP) architecture: SIM & SE is same Java Card.
MIFARE is a storage which enables the phone to act like a MIFARE card.
Applications
J2ME OS
From a developer's point of view it does not matter at all where the SE is located. You will still code against the GlobalPlatform specs. The only difference comes with the distribution/lifecycle model; and since in most cases, the operators control both the SIM card and the phone, the difference is largely academical anyway.
Of course, business people may think differently, but that's their problem.
Jalkanen, Nokia discussion boards
CPU
UICC SIM
Apps OS
NFC Chip
External
env.
NFC antenna

63. NFC and C (with Java Native Interface)
JNI allows to call C code and DLL in Java.
 To use JNI, you must follow the following steps:
Create a Native method in Java
Once the Java class is compiled, you must generate a header file with the tool javah –h.
Compile the native code using the interface generated at step 2. Change the methods headers and params.
For example: a String becomes a Jstring.

64. NFC and Java
Java / NFC Java is the key. It allows technologies to work together : Bluetooth, Video, Music, GPRS, …
Problems of JSR not implemented on a mobile phone
Graphical user Interface are not always compatible : screen size, different JVM.
Solution: Mobile Distillery ? SVG ? Flash lite ? SIM Toolkit ? SCWS ? HTML5 ?
Native application : security problem, no API, manufacturer lock… Symbian development is heavy.

65. Development Kits Java IDE such as Eclipse or Netbeans
SDK from manufacturers (Nokia)
Dev Kit from card issuers (Gemalto, Oberthur)
Dev Kit from MNO (Orange)

66. JCOP Tools Applet extends javacard.framework.Applet MIDlet
JCOP tools need
activation key:
compatible PC/SC reader
Configure SE keyset to 42 ENC, MAC and KEY are all " A4B4C4D4E4F”
Applet extends javacard.framework.Applet
MIDlet
public void process(APDU apdu){
byte[] buf = apdu.getBuffer();
// Ignore Select instruction.
if (buf[ISO7816.OFFSET_CLA] == 0x00 &&
buf[ISO7816.OFFSET_INS] == (byte)0xA4) {
return; }
String uri = System.getProperty("internal.se.url"); ISO14443Connection iseConn = (ISO14443Connection) Connector.open(uri);

67. Gemalto Developer suite

68. Gemalto Developer suite

69. Nokia 6212 SDK Compatible with Netbeans and Eclipse

70. JSR-257 Contactless communication API
For NFC and Infrared
Optional package for J2ME
DiscoveryManag er Target listener (no matter the type)
Connection NDEF & ISO14443

71. MIFARE Security in a MIFARE 1K CARD
Card is composed of 16 sectors with 4 blocks of 16 bytes each.
In each sector a block is reserved to define access bits. Ex : block 7.
A key is initialized to read and write data blocks.

72. MIFARE Anti-collision
Request
An anti-collision system allows to operate with many cards in the same magnetic field.
The algorithm selects each card one by one and ensures that the transaction takes place on the selected card without data corruption.
MAD (MIFARE Application Directory) is a table written in first sector and used to identify which sector is dedicated to a specific application.
Transaction time
Identification 3ms
+ 1ms / collision
Anti-collision
Card id ?
Select card
Authentication 2ms
Authentication
Read block 2.5 ms
Write block 6ms
Read/Write
GSMA tech guide: NFC mobile device and reader shall be less than or equal to 250ms to meet Service Provider requirements.

73. Receive read-only data from NDEF tag
NDEF push
The MIDlet can see that it was launched by touching a tag, by reading the DiscoveryManager property LaunchType.

74. Java Card
Java Card MIFARE ProX & SmartMX are cards with microprocessor and OS (for example JCOP).
An Applet is a JAVA CARD application stored inside the Secure Element.
APDU COMMANDS is a way to communicate with Applet
ISO14443Connection and APDUS
Security : Crypto Processor

75. Java Card description
At the beginning, applications on Smart Card were all developed proprietary and native.
There was a need to find a generic way to develop an application that could run on 2 Smart Cards issued by different companies.
The Java Card technology allows developers to gather around one way of programming using Java. And it openned the path to third party applications.
This technology can also be used to develop on a SIM card. A SIM card has more memory than other types of Smart Cards like Credit Card.
Java Card includes:
An API (application programming interface) to define Java libraries that can be used
A virtual machine
Runtime (JCRE) : memory and security management
Java Card SDK provides an environment to test applets, a tool to upload applets into the Java Card, and code examples.

76. Smart Card protocols PTS : Protocol Type Sélection
Byte-level transmission protocol, defined in ISO/IEC
T=1
Block-level transmission protocol, defined in ISO/IEC
APDU
transmission via contactless interface, defined in ISO/IEC
PTS : Protocol Type Sélection
ATR : Answer To Reset

77. ISO 7816-4: APDU APDU Command (C-APDU), sent by reader to the card
Header, 4 Bytes
Class instruction (CLA)
Code instruction (INS)
Parameters : P1 et P2
Optional body (random size)
Lc = length of body (data) in Bytes
Le = length of response to the command (Bytes)
The data field contains data to be sent to the card, to process instructions specified in header.

78. APDU command types
4 APDUs commands are possible depending on whether it expects a response back or if it contains data.
No data, no required answer
CLA INS P1 P2
Data, no required answer
CLA INS P1 P2 Lc Data
No data, required answer
CLA INS P1 P2 Le
Data, required answer
CLA INS P1 P2 Lc Data Le

79. AID
AID = unique identifier for an application or a certain type of files
First 5 bytes are RID (resource identifier)
Following bytes are PIX (proprietary identifier extension)

80. Java Card
Select

81. Java Card: CAP
A smart card is inserted into a Card Acceptance Device (CAD) to power on the integrated circuit.

82. Java Card features Threads Garbage collector
CPU on JavaCard does not support multiple tasks and you can’t use « synchronized » or « volatile ».
Garbage collector
Finalize() not supported
Non-supported types: Long, Char, Float, Double
Supported types:

83. Java Card features Java Card support atomic transaction
System.beginTransaction()
System.commitTransaction()
System.abortTransaction()

84. Java Card security
« Sandbox »: In Java, code and application data (resources) are protected by a sandbox and can’t interfere with other applications.

85. Java Card applet
Let’s take the example of a Wallet to see how to code an applet.
This applet allows the SIM card to act as a real eletronic purse.
Use cases
The applet can add and substract money to a balance
Shows the actual balance of the purse
It includes a mechanism to ask for a PIN code for security purposes
See articles on Sun website

86. Wallet.java

87. Java Card applet Wallet
Package declaration
Java naming convention
Java Card framework
package com.sun.javacard.samples.wallet;
import javacard.framework.*;

88. Java Card: applet Wallet
The Java class must extend Applet. It defines all the methods to communicate with JCRE.
public class Wallet extends Applet

89. Java Card 2 modes
An applet is unactive until it receives an APDU command
Card Emulation
Reader Emulation

90. Applet PIN code
In the Wallet source code, the VERIFY method checks the PIN code. The APDU command contains the parameter PIN (stored inside the data field).
If PIN code is the same than the one defined during the installation process, the method returns true.
PIN_TRY_LIMIT = 3

91. Wallet_CLA =(byte)0xB0;
CLA and INS
We choose the hexadecimal value 0xB0 to identify our Wallet.
This value identifies all APDU commands that are processed by the applet.
It means that the APDU commands debit and credit all start with the byte CLA 0xB0.
Wallet_CLA =(byte)0xB0;

92. INS The 2nd byte of an APDU command identifies the instruction
final static byte VERIFY = (byte) 0x20;
final static byte CREDIT = (byte) 0x30;
final static byte DEBIT = (byte) 0x40;
final static byte GET_BALANCE = (byte) 0x50

93. Other values Other fixed values of our electronic purse The variables
// maximum balance
final static short MAX_BALANCE = 0x7FFF;
// maximum transaction amount final static byte MAX_TRANSACTION_AMOUNT = 127;
// maximum number of incorrect tries before the
// PIN is blocked
final static byte PIN_TRY_LIMIT =(byte)0x03;
// maximum size PIN
final static byte MAX_PIN_SIZE =(byte)0x08;
OwnerPIN pin;
short balance;

94. public void process(APDU apdu) {
Applet structure
Constructor
Install
Select
Process
Header analysis (CLA and INS)
public void process(APDU apdu) {

95. Send and receive APDUs setIncomingAndReceive(); setOutgoingAndSend()
Transfer mode
Expected length for the answer
Send bytes in response
byte[] buffer = apdu.getBuffer();
short bytes_left = (short) buffer[ISO.OFFSET_LC];
short readCount = apdu.setIncomingAndReceive();
while (bytes_left > 0) {
//{process received data in buffer} …
bytes_left -= readCount;
//get more data
readCount = apdu.receiveBytes (ISO.OFFSET_CDDATA); }
byte[] apduBuffer = apdu.getBuffer();
apduBuffer[0] = byte1;
apduBuffer[1] = byte2;
apduBuffer[2] = byte3;
//0-offset, 3-number of bytes to send
apdu.setOutgoingAndSend(0, 3);

96. Get Balance Retrieve current balance of the electronic purse CLA: 0xB0
INS: 0x50: GET BALANCE
P1: 0x00: Normal mode
P2: 0x00
Data:
in: none.
out: 2 bytes of balance.

97. Credit Mutual authentication
To send the APDU command, you must first initialize a secure transaction with the applet (MAC):
CLA: 0xB0
INS: 0x30: CREDIT
P1: 0x00: Normal mode
P2: 0x00
Data: - in: 2 bytes of value to credit.
- out: 2 bytes of updated balance.
- exception: ISOException with reason SW_SECURITY_STATUS_NOT_SATISFIED (0x6982) if authentication failed.

98. JSR-177 SATSA JSR-177: Security and Trust Services API for J2ME
Used to communicate with SIM card
Used to encrypt/decrypt/sign data
Example with symmetric algorithm here: of_data_using_JSR-177

99. Gemalto examples
APDU commands of GPPurse applet are stored in the file APDU_Commands.atf that comes with the project. You can open this file with the Jcard Manager and execute each command at a time.
Or manually thanks to the option Send APDU in the menu bar.

100. Gemalto developer suite: Instance AID

103. Global Platform Card OS
Nokia 6131 Secure Element
Secure Element consists of Java Smart Card area and Mifare 4K area
A specific API provided for Applets to access Mifare memory
All access is password protected
Password is one-way hashed from Mifare KeyA and KeyB
JCSystem : atomic transaction management
The Secure Element IS NOT a play ground
Global Platform Card OS
Java Card Applet
Mifare 4k
Access Mechanism
Protected by Issuer specific secret keys
Protected by transport keys

104. PC/SC readers SCM reader uses PC/SC driver (Windows)
Other readers: Philips Pegoda, Omnikey Cardman, etc.
The most commonly used smart-card interface is PC/SC, a middleware layer backed by Microsoft, and part of the Windows operating system.
JPCSC is a Java-wrapper around the native PC/SC API. JCOP Tools includes JPCSC and uses it on Linux and MacOS X. On Windows, JCOP Tools uses the native PC/SC API directly.
JCOP Tools also includes the JCOP offcard API, which is a comprehensive smart card API with special support for Java Card and GlobalPlatform. That sits on top of native PC/SC, JPCSC, and some other proprietary card middleware.
OpenCard Framework (OCF), see (consortium split up).

105. javax.smartcardio
Java 6 introduces Smart Card I/O API defined by JSR 268.

106. Dev tools and architecture
Devices used - Mobile phone NOKIA Tags MIFARE 1K - Pegoda Reader / Philips - SCM Contactless Reader
For developers: Netbeans, Eclipse, Visual Studio, etc.
NFC software layers
Graphical User Interface (GUI), implemented in J2ME (or other).
Controller / Application logic (as much as possible), implemented on the Java Card / Secure Element.
Memory of the Mifare element used for storing data.

107. MIDlet proxy
OTA Server
Phone
Secure Element
MIDlet
Mifare
Applet
OTA provisioning can be done through HTTP / HTTPS or BIP/TCP.
BIP is a new generation protocol allowing remote SIM management over the air (remote file management, remote application management).

108. Physical layer Steps for a standard NFC communication Open Poll
Connect
Exchange
Disconnect
Close

109. J2ME Java Midlet
Java Platform Micro Edition Software Development Kit 3.0
Lightweight UI Toolkit (LWUIT) integration
ProGuard (obfuscator)
Limited storage
A mobile phone application is divided into 2 packages, a descriptor JAD file and a JAR file containing Java classes.
Thanks to the JAD file, the JAR file is installed on the mobile phone. Developer can set JAD attributes to manage permissions, push registry, etc.
Use a Controller to listen and launch threaded events:
Call to NFC chip
Print new screen
Save data in Record Store

110. J2ME Signature and certificate
Security exception
MIDP permissions
javax.microedition.io.file.FileConnection
javax.microedition.io.Connector

111. SmartCard Web Server SIM Toolkit successor.
SCWS technology can be installed on new generation SIM card and allows GUI management thanks to mobile web browser.
The SIM card is the authorization module for secure electronic transactions but it’s the mobile phone that controls and generates graphical interfaces. With SCWS, a developer can implement the full application in one package and deploy it directly on the SIM card. MMI and Applets are on the same media. Deployment and administration of applications are simplified. For example: if the user changes his mobile phone.
Moreover, generated interfaces are compatible with most phones but the rendering and user interaction is not necessarily better.

112. SCWS Demo

113. Example of applications
NFC Applications – My Keys
Office
Home
Car
Edit
Delete
Parking P5
New key
received.
Open application ?
Yes No
Writing key
75%
Installing key…
Key added
Exit
Access granted.
Add a shortcut ?
Lock A
PAMS Zone 1
PAMS Zone 2
Credential for PAMS Zone 2 can unlock A and B
Lock B

114. Mobile Signature Service Provider
See Mobile PKI (ETSI).
The MSSP platform is a solution to manage digital signatures for a MNO.
Two processes:
Registration: to obtain a certificate and a private key
Signature: to sign data (with private key)
Service Provider
MSSP
Certification authority
Operator

115. Ex: eBanking authentication
Customer accesses his bank website thanks to his login/password.
Bank sends a request for authentication to Operator (WPKI). This request includes the mobile number (IMSI: International Mobile Subscriber Identity)
Customer enters PIN code
eBanking service is authorized
Back Ok
Enter PIN code
Secure
Application Ok
You are now
authenticated
The application needs to verify your identity
**** Ok
Back

116. DEMO Creating a Java Midlet Netbeans Mobility pack Reading a NDEF tag
Uploading an Applet on a Secure Element
Send an APDU command to my applet from the mobile and from a PC/SC reader.

117. HelloKiosk

118. Conclusion NFC in handsets without knowing it really soon
Industry is now convinced
SDK standardization
Easy to use ! Remember iPhone

119. Conclusion Use J2ME 3.0 Use JSR 257 or SCWS Optimize your code
For developers
Use J2ME 3.0
Use JSR 257 or SCWS
Optimize your code
Store your data online
Never trust a MIDlet
Sign your application
Use J2ME Polish or LWUIT to adapt your application to your target platforms (screen size)
Use web app for cross-platform development
Use AFSCM specifications for OTA
NFC is not an exchange protocol but identification

120. Resources
Writing a Java Card Applet

121. Resources
Contactless Smart Cards and NFC Peter Harrop, Ning Xiao & Raghu Das
thanks for pictures
RFID Information
Mobile payment blog
Great blog on Java Card development
Special thanks to Nicolas Pastorelly who helped me on some slides

122. Contact me Master MBDS, University of Nice Sophia-Antipolis