NFC In Mobile Commerce
1. NFC IN MOBILE COMMERCE
and Information Ubiquity
Use Cases, Technologies, APIs
C. Enrique Ortiz
January, 2008
C. Enrique Ortiz
Email: cenrique@ortiz.name
Phone: +1-512-635-4225
Skype: c.enrique.ortiz
Website: http://www.CEnriqueOrtiz.com
Weblog: http://weblog.CEnriqueOrtiz.com
MobileMonday Austin: http://www.MobileMondayAustin.org
2. A little bit about myself
• Long time mobile Java developer
• A regular writer and speaker on mobile technology
and blogger, and contributor to Carnival of the
Mobilists, Sun Mobility site, other
• Founder of MobileMonday Austin
• Founder and CTO at eZee inc, a mobile marketing
and media platform and solutions company
• Owner and Principal at Artemis Wireless Werks, a
provider of mobile strategy and development
services
4. Anything and Everything is Data
Everything in our wallets is just data; the
paper and plastic that we use for our driving
license and ID cards, our credit and debit
cards, our receipts, coupons, tickets and
even our business cards.
…and more importantly, anything that is
data can be carried on a mobile phone.
*Adapted from Mike Elgan, ComputerWorld, The Raw Feed
5. Information Ubiquity
Physical Interactions, Application Triggers, Physical Browsing
• Information everywhere
• Addressable (and thus identifiable) information, or
workflows for that matter
• Think physical interactions, application triggers and physical
browsing
– A number to call, a URL, a short-code, barcodes, radio tags
• On books, magazines, posters, soda cans, billboards
– For advertisement, for authentication, for control, for quick action,
access to information
– Some interactions are more manual than others
• The Mobile Handset is at the center of this ubiquity
6. Information Ubiquity
Examples of Physical Interactions and Application Triggers
Visual Tags
Short Codes
Proximity : Ticketing, payments, other
Radio Tags
7. Information Ubiquity
Interactive “Smart” Posters
Physical Interactions: Interactive Posters provide the perfect means for service initiation (application trigger). A poster, which could be a label, an advertisement or a plaque at the store aisle or a billboard, displays information of interest to consumers…
…and how to interact with it.
Poster example: Text “smart” to 2ezee
8. Example of Physical Interactions
Proximity (NFC)-based payments
• External reader connected to the POS
• NFC Mobile Handset with Security Element
People will continue to use cash, and credit cards, and over time, the mobile phone
Photo credit: Philips Arena. At Philips Arena in Atlanta, Georgia, USA, ticket
holders with NFC-enabled cellular phones make contact-less payments at
concession stands.
9. Mobile Commerce Concerns
Bar chart, two values per item (chart legend: Q4 2006, Q2 2006)
• Worry about security: 39%, 40%
• Costs too much for airtime: 22%, 27%
• Don't trust that transaction will be completed: 18%, 24%
• My phone doesn't have wireless shopping capability: 13%, 17%
• Takes too long: 12%, 16%
• Unaware of this option: 12%, 14%
• Complicated navigation: 9%, 10%
• Not enough information on the sites to make an informed: 5%, 8%
• Sites I want are not available: 1%, 3%
• Items I want are not available: 1%, 3%
Source: Telephia
10. Most likely short-term use-cases
What’s your opinion and why?
• Payments?
• Interactive / “Smart” posters?
• For Authentication?
• For Home Control?
• Marketing and Advertisement
• Other?
12. What is NFC?
• A short-range radio technology
• Operates at 13.56 MHz
• Transfers data at up to 424 KBits/second
• Activates when two NFC-compatible devices are
brought within ~four centimeters
• Transmission range is so short, it is inherently
“secure”
• NFC is still in its early stages, very young
13. NFC Compared to other short range
radio technologies
Source: The NFC Forum
14. NFC Standards
• ISO 14443 Type A and 14443 Type B
standards + FeliCa
– ISO 14443 is a four-part international standard
for contact-less smart cards operating at 13.56
MHz in close proximity with a reader antenna
• ISO 18092
– Defines communication modes for NFC Interface
and Protocol
16. Terminology
• NDEF - NFC Data Exchange Format
– Such as Smart Posters, URI Records
• RTD - Record Type Definition
– An NFC-specific record type and type name which may be carried in
an NDEF record
• NDEF message
– Basic message construct defined by this specification. An NDEF
message contains one or more NDEF records
• NDEF record
– Contains a payload described by a type, a length, and an optional
identifier
• NDEF payload
– The application data carried within an NDEF record
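An added example, not from the original slides: a standalone Java SE (16+) parser for the message/record/payload layout defined above, following the NFC Forum NDEF record header (MB, ME, CF, SR, IL flags and TNF) and checking every declared length before use. The class name, the `MAX_PAYLOAD` cap and the sample bytes are assumptions made for the illustration; this is not JSR 257 code.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

public class NdefParser {
    // One parsed record: Type Name Format, type, optional id, payload
    record Rec(int tnf, byte[] type, byte[] id, byte[] payload) {}
    static final int MAX_PAYLOAD = 8192; // assumed cap for data read from a tag

    static void need(boolean ok, String why) { if (!ok) throw new IllegalArgumentException(why); }

    static byte[] take(ByteBuffer b, int n) {
        byte[] a = new byte[n];
        b.get(a);
        return a;
    }

    static List<Rec> parse(byte[] message) {
        ByteBuffer b = ByteBuffer.wrap(message);        // big-endian by default
        List<Rec> out = new ArrayList<>();
        boolean last = false;
        while (!last) {
            need(b.remaining() >= 3, "truncated header");
            int hdr = b.get() & 0xFF;
            need(((hdr & 0x80) != 0) == out.isEmpty(), "MB flag misplaced");
            need((hdr & 0x20) == 0, "chunked records not handled here");
            last = (hdr & 0x40) != 0;                   // ME: message end
            boolean sr = (hdr & 0x10) != 0, il = (hdr & 0x08) != 0;
            int typeLen = b.get() & 0xFF;
            need(b.remaining() >= (sr ? 1 : 4) + (il ? 1 : 0), "truncated lengths");
            long payLen = sr ? (b.get() & 0xFF) : (b.getInt() & 0xFFFFFFFFL);
            int idLen = il ? (b.get() & 0xFF) : 0;
            // Lengths are untrusted tag data: check them before allocating or copying
            need(payLen <= MAX_PAYLOAD, "payload too large");
            need(typeLen + idLen + payLen <= b.remaining(), "length exceeds message");
            out.add(new Rec(hdr & 0x07, take(b, typeLen), take(b, idLen), take(b, (int) payLen)));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: one short URI record (type "U"), flags MB|ME|SR, TNF=1
        byte[] msg = {(byte) 0xD1, 0x01, 0x0C, 0x55, 0x01,
                      'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm'};
        Rec r = parse(msg).get(0);
        System.out.println("tnf=" + r.tnf() + " type=" + new String(r.type()) + " payload bytes=" + r.payload().length);
        msg[2] = 0x7F; // declared payload length now exceeds the data present
        try { parse(msg); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```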
18. Anatomy of a Contactless Java
Application (MIDlet)
• Java Runtime
– Application, JSR 257
• RFID, NFC
• Antenna
• Secure Elements
• External elements
19. External Elements
• External Readers
– POS readers, MasterCard PayPass,
American Express Way, Visa
– Ticketing systems
• External Tags
– NFC, RFID, Visual
• External Smartcards
20. Secure Element (SE)
• Internal vs. External Secure Elements
– Smart Cards such as Java Cards
• MIDlets can access internal SE via SATSA
• MIDlets can access external SE via JSR 257 or
SATSA
• External readers access internal SE directly
via RFID (Card Emulation mode)
21. Typical Elements of a JavaCard
Application (mapped to NFC)
Diagram labels: Internal Security Element, External Reader, External Smartcard, MIDlet
On contact-less (NFC) phones, the left side could be an internal reader, the MIDlet itself, or an external reader (via NFC Card Emulation Mode).
The right side, the “card”, could be an internal SE accessible via SATSA, or an external card accessible via JSR 257.
All communication uses APDUs.
22. NFC Programming
Using (JSR-257) Java Contactless
Communication API
• Discover and exchange data with
contact-less targets
– NDEF tags
– RFID tags
– External smart cards
• Support for visual tags
23. Contactless Communication API Java
Packages
1. javax.microedition.contactless (Mandatory)
• target discovery and classes common to all targets
2. javax.microedition.contactless.ndef
• communicate with tags (NDEF formatted data)
3. javax.microedition.contactless.rf
• communicate with RFID (no NDEF formatted data)
4. javax.microedition.contactless.sc
• communication with external smart cards
5. javax.microedition.contactless.visual
• reading and generating visual tags
29. Discovering and Listening for
Supported Targets
• Import, Implement Interface
– public interface TargetListener
– void targetDetected(TargetProperties[] properties)
• Discover supported targets by calling:
– DiscoveryManager.getSupportedTargetTypes();
• Add listeners for targets of interest:
– dm.addTargetListener(listener, TargetType);
30. Discovering and Listening for
Supported Targets
public void registerTargetListeners(TargetListener targetListener) {
    // Get the DiscoveryManager instance used to register listeners
    DiscoveryManager dm = DiscoveryManager.getInstance();
    // Discover supported types
    TargetType[] tp = DiscoveryManager.getSupportedTargetTypes();
    try {
        // Register listener for each of the supported types
        for (int i = 0; i < tp.length; i++) {
            if (tp[i].equals(TargetType.ISO14443_CARD)) {
                dm.addTargetListener(
                    targetListener, TargetType.ISO14443_CARD);
            } else {
                // ... handle the other target types of interest
            }
        }
    } catch (Exception e) {
        // ...
    }
}
31. Detecting and Connecting to Target
• Method targetDetected is invoked by the
platform, passing a TargetProperties
• Get Target’s URL
• Connect to Target
• Exchange Data
• Process incoming message according to message
attributes
• Close connection
32. Detecting and Connecting to Target
public void targetDetected(TargetProperties[] prop) {
    NDEFTagConnection conn = null;
    try {
        // Select the first target
        TargetProperties target = prop[0];
        // Get URL
        String url = target.getUrl();
        // Open NDEFTagConnection to the target
        conn = (NDEFTagConnection) Connector.open(url);
        // Read message
        NDEFMessage m = conn.readNDEF();
        NDEFRecord[] r = m.getRecords();
        // Process message / records, modify record for writing out
        // ...
        // Write message out
        conn.writeNDEF(m);
    } catch (Exception e) {
        // Handle connection and tag errors
    } finally {
        // Close connection, also when reading or writing failed
        if (conn != null) {
            try {
                conn.close();
            } catch (IOException e) {
                // Ignore failure on close
            }
        }
    }
}
33. Detecting and Connecting
to Target (2)
public void targetDetected(TargetProperties[] prop) {
    for (int i = 0; i < prop.length; i++) {
        // Get UID
        String uid = prop[i].getUid();
        // Get Connection Classes
        Class[] classes = prop[i].getConnectionNames();
        // Get Target Types
        TargetType[] types = prop[i].getTargetTypes();
        // Connect to each Target
        String url = prop[i].getUrl();
        try {
            // Open NDEFTagConnection to the target
            NDEFTagConnection conn =
                (NDEFTagConnection) Connector.open(url);
            // ... exchange data, then close the connection
        } catch (IOException e) {
            // ...
        }
    }
}
35. Listening for NDEF Targets
(Read-only, no connection)
• Import, Implement Interface
– public interface NDEFRecordListener
– void recordDetected(NDEFMessage ndefMessage)
• Create Record Type, following naming rules
• Add listener
– dm.addNDEFRecordListener(listener, recordType)
36. Listening for NDEF Targets
(Read-only, no connection)
// Register NDEF_TAG target (smart poster) to discover
try {
    NDEFRecordType spNrt = new NDEFRecordType(
        NDEFRecordType.NFC_FORUM_RTD, "urn:nfc:wkt:Sp");
    dm.addNDEFRecordListener(this, spNrt);
} catch (IllegalStateException e) {
    // ...
} catch (Exception e) {
    // ...
}
From the JSR 257 Specification: If the format is EMPTY or UNKNOWN the name must be
null. The record type names of NFC_FORUM_RTD and EXTERNAL_RTD record types
must follow the naming rules defined in the NFC Forum RTD specification. The record
type name must only contain characters in the US_ASCII character set.
37. Processing NDEFMessages
• Method recordDetected is invoked by
the platform, passing a NDEFMessage
• Get record and record type and other
information from the message
• Process the message according to message
attributes
38. Processing NDEFMessages
public void recordDetected(NDEFMessage ndefMessage) {
    // Get records and record types from NDEF Message
    NDEFRecordType[] rTypes = ndefMessage.getRecordTypes();
    NDEFRecord[] records = ndefMessage.getRecords();
    for (int i = 0; i < records.length; i++) {
        // Handle data, based on type of NDEFMessage
        NDEFRecordType t = rTypes[i];
        NDEFRecord r = records[i];
        byte[] id = r.getId();
        long len = r.getPayloadLength();
        byte[] p = r.getPayload();
        // Process the record
        // ...
    }
}
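An added example, not from the original slides: the "process the record" step for a URI record payload read from a tag, written as standalone Java SE (9+) rather than JSR 257 code. It expands the NFC Forum URI RTD identifier code (only the first seven table entries are included here) and applies an allowlist before the link is handed to anything that would open it; the class name, the web-links-only policy, the size limit and the sample payloads are assumptions for the illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

public class UriRecordCheck {
    // First entries of the NFC Forum URI RTD abbreviation table (code -> prefix)
    static final String[] PREFIX =
        {"", "http://www.", "https://www.", "http://", "https://", "tel:", "mailto:"};
    // Assumed policy for this example: only web links may be opened
    static final Set<String> ALLOWED = Set.of("http", "https");

    // Returns the expanded URI if it passes the policy, otherwise null
    static String vet(byte[] payload) {
        if (payload == null || payload.length < 2 || payload.length > 2048) return null;
        int code = payload[0] & 0xFF;
        if (code >= PREFIX.length) return null;   // codes beyond this table: not handled here
        String rest = new String(payload, 1, payload.length - 1, StandardCharsets.UTF_8);
        for (int i = 0; i < rest.length(); i++) {
            char c = rest.charAt(i);
            // Reject control characters, spaces and invalid UTF-8 (decoded as U+FFFD)
            if (c <= 0x20 || c == 0x7F || c == '\uFFFD') return null;
        }
        try {
            URI u = new URI(PREFIX[code] + rest);
            String scheme = u.getScheme();
            if (scheme == null || !ALLOWED.contains(scheme.toLowerCase(Locale.ROOT))) return null;
            // Require a host and refuse user@host forms that disguise the real host
            if (u.getHost() == null || u.getUserInfo() != null) return null;
            return u.toString();
        } catch (URISyntaxException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed payloads: identifier code, then the remainder of the URI
        String[][] samples = {{"1", "example.com/menu"}, {"5", "+15555550100"},
                              {"3", "shop.example@other.example/"}};
        for (String[] s : samples) {
            byte[] rest = s[1].getBytes(StandardCharsets.UTF_8);
            byte[] p = new byte[rest.length + 1];
            p[0] = Byte.parseByte(s[0]);
            System.arraycopy(rest, 0, p, 1, rest.length);
            System.out.println(s[1] + " -> " + vet(p));
        }
    }
}
```

Only the first sample is returned as `http://www.example.com/menu`; the `tel:` payload fails the scheme policy and the third is refused because of its user-info part.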
39. Get Card Emulation Activity
Notifications
Applications are notified, and don’t
participate in the transaction per se
42. Process Transaction Notifications
public void externalReaderDetected(byte slot) {
    // Based on slot number above, using SATSA connect to
    // applet, query applet, update screen, etc.
    // ...
}
SATSA and JavaCard are outside the scope of this presentation
43. Using PushRegistry
to Launch NFC applications
Automatically
Automatic Application Launch is key to success
(acceptance) of NFC apps
44. PushRegistry to
Launch NFC application
• Static vs. Dynamic Registrations
– Static via JAD or Manifest files
– MIDlet-Push-<n>
– PushRegistry.registerConnection(...)
– ConnectionURL, MIDletClassName, AllowedSender
• Dynamic programmatically via PushRegistry API
– listConnections(), registerConnection(),
unregisterConnection()
– Once activated MIDlet must register NFC target listeners to receive notifications
• URL must follow proper naming, examples
– Tag containing Smart Poster RTD is discovered:
• ndef:rtd?name=urn:nfc:wkt:Sp
– Tag containing an URL is discovered:
• ndef:mime?name=text/x-uri
– For SE transaction activity notifications:
• secure-element:?aid=<aid_string>
47. In Conclusion
• Information Ubiquity, and Physical Interactions are
two very important concepts
– Short-codes, URLs, Visual tags, Radio tags
• JSR 257 Contactless Communication API allows for
new types of mobile applications, and new types of
physical interactions based on NFC, RFID, Visual
tags, and Smartcards
• Get familiar with JavaCard programming and
SATSA; security elements and smartcards continue
to be important
48. Links of Interest
• Contactless API JSR 257 Specification
• SATSA JSR 177 Specification
• NFC Forum
• Nokia 6131 NFC FAQ
• Nokia 6131 NFC SDK
• Mobile Java Articles at Enrique’s blog
– http://weblog.cenriqueortiz.com/
49. And it has begun…
• Standards have been defined
• Handsets will start to appear this year in the
U.S.
• Carriers are paying attention
• Trials are happening
• New Companies are being formed…
• It is about convenience
• People are taking notice…
50. Thank You
C. Enrique Ortiz
Email: cenrique@ortiz.name
Phone: 512-635-4225
Skype: c.enrique.ortiz
Website: http://www.CEnriqueOrtiz.com
Weblog: http://weblog.CEnriqueOrtiz.com
MobileMonday Austin: http://www.MobileMondayAustin.org