Accelerating Deployment of Open NFC Mobile Commerce Applications

Introduction
Driven by the convergence of standards, core technologies, devices and associated industry alliances, 2011 is poised to be the catalytic launch year for commercial Near Field Communication (NFC) handsets. Two key factors will influence the acceleration of open NFC mobile commerce application deployments in 2011 and beyond: First, the adoption of true open standard software protocol stacks within NFC devices, and second, the adoption of a common authentication framework for new NFC applications.

The Emergence of NFC Mobile Commerce
The tidal shift created by Apple’s introduction of the touch screen-based iPhone with multiple simple-to-use applications and the introduction of similar smartphones is changing consumer electronics, computing and communications markets. With smartphones, consumers’ retail commerce exchanges can become richer and finer-grained, giving retailers the ability to tailor applications for a specific shopping experience rather than having all roads lead to a shopping cart checkout.

Because many applications for new smartphones focus on retail sales and services, the mobile payment infrastructure is a perfect match for the app-centric smartphone world, in which the handset is the consumer point of interaction, and the requirements for facilitating commerce between a consumer and a merchant are vastly simplified.

The emerging mobile-commerce ecosystem requires security services that provide for strong authentication of the consumer and retailer, and the convenience of interacting via multiple wireless connectivity channels. The NFC wireless standard addresses both security and short-range wireless connectivity and will become a dominant force in consumer-to-retailer interactions starting in 2011.

Recent announcements from Google, RIM executives and wireless operators have confirmed the industry’s march towards commercial NFC rollouts. Google CEO Eric Schmidt initiated the flurry of action last month when he demonstrated a prototype NFC phone and pledged support for NFC services in the next Android release.

Wireless operators AT&T Mobility, T-Mobile and Verizon Wireless recently announced ISIS, a joint venture to build a nationwide mobile commerce network utilizing smartphone and NFC technology. The joint venture is working with Discover Financial Services’ network to develop an extensive mobile payment infrastructure with Barclaycard US as the first issuer on the network offering multiple mobile payment products.

Opening Up the NFC Application Development
Over the course of the last 18 months, lead NFC solution providers have launched NFC software stack and their associated deployment strategies. While different in their approaches and the depth of the stacks provided, all aim at supporting multiple handset ecosystems. INSIDE Secure’s approach was to release its stack to the open source community, where it has been broadly downloaded. In this time of redefinition of the mobile offering between proprietary and open OS, this would tend to demonstrate the general interest of the mobile industry and the application development community to explore the potential of NFC-enabled services.

Generally, open stacks are architected to interface with different chip hardware using a distinct hardware abstraction layer. They should support open construction of NFC applications in multiple mobile device ecosystems with NFC hardware from various competitors through a simple interface of alternative NFC chip hardware abstraction layers.

To be truly open, such NFC stacks should support several levels of functionality – from low-level RF control to high-level NFC Forum tag handling, peer-to-peer communications, as well as Bluetooth and Wi-Fi pairing, interactions with single-wire protocol SIMs and other secure elements and compatibility with smart cards and RFID tags based on FeliCa, MIFARE and ISO 14443 standards. Similarly, an open stack will have to offers a comprehensive set of NFC APIs and code for different operating systems, such as Android, Linux, MeeGo and Windows Mobile. Lastly, support should be provided for payment applications standards driven by EMVco, OSPT Alliance, GlobalPlatform and other open standards communities.

NFC is a complex technology that must be made easy to integrate for device manufacturers and easy to develop for application developers. To drive the adoption of NFC technology, it is necessary to seed the NFC market by placing the software required to drive NFC-enabled devices into the open source community, encouraging public review, comment and evolution (the approach taken by INSIDE). This will lead to mobile device solutions that are open and unbiased with respect to underlying NFC hardware, compatible across mobile device ecosystems and facilitate creation of NFC applications.

The alternative – proprietary, vendor-biased and closed mobile device ecosystems and silos – will hamper the growth of the NFC application market. NFC software stacks in mobile device ecosystems must truly be open to deliver multi-sourcing options to mobile device manufacturers to ensure software developers have common and consistent interface definition and to allow the NFC ecosystem to grow.

A New Authentication Framework for Driving New NFC Applications
The vision of multiple NFC applications working seamlessly with flexible consumer choice of these applications on smartphones is compelling. However, achieving this in light of current legacy contactless applications, a proprietary bias among application owners and technology providers and the lack of an envisioned framework is daunting.

The introduction of common application protocols for contactless interface and authentication is a major hurdle. While core RF protocols are standardized, the current deployed base of contactless applications is a case study of proprietary, silo-oriented, heavy-to-migrate development. The 13.56Mhz contactless standards used for cards and NFC in North America have a large deployed base of contactless readers, including MasterCard PayPass, Visa payWave, American Express ExpressPay, Discover Zip, First Data CertiFlash, Interac Flash, HID iCLASS, NXP MIFARE, ICAO for ePassport and others. Each scheme performs an authentication function and provides for secure data exchange. Yet each is distinct and requires different implementations within the reader or acceptance device and the in-card or NFC-enabled device.

Each application and technology provider scheme works well on its own. However, challenges loom when you factor in multi-applications, the variety of mobile devices, a fast-moving mobile application market and expectations of flexibility from consumers. Extending this scenario to the global market creates an even greater cost, complexity, flexibility/extensibility challenge for device manufacturers.

The situation for legacy infrastructure is complex and should not be replicated for new NFC contactless applications. Imagine Starbucks, Wal-Mart, Carrefour and Hertz all immediately demanding their own distinct contactless applications.

To have NFC applications and services flourish requires a simple, common authentication framework built upon a common core protocol and strong open standard authentication scheme. In this manner, user interface applications – along with cloud-based applications and services, such as secure NFC payment, retail commerce, transit and ID applications – can be more easily introduced. A close parallel is the introduction of SSL for browser/server authentication and message security in the mid-1990s. Imagine if Netscape, AOL, Yahoo, Amazon and other early eCommerce players had chosen not to implement a standard. The situation for secure NFC application enablement is similar.

Mobile Commerce, Circa 2015
Imagine using an NFC smartphone to “tap” into a retail shop, much like a physical login, then conducting a rich, interactive exchange with the retailer to compare products, take a survey, inquire about specials, redeem a coupon, make a payment or receive loyalty points. Such an NFC-enabled smartphone could easily support dozens of retailer applications and retailer payment schemes, dispensing with the inconvenience of dealing with multiple private label, retailer-specific payment cards.

Bringing NFC to an open application-development world is an important first step, as Google has acknowledged in its Android announcement. Now is the time to ensure that this Android release is truly open and supports a broad range of NFC hardware implementations while enabling the application developers for this new generation of secure applications. For Android and other mobile device ecosystems, the adoption of open standard NFC software stacks is essential to ensure that a vibrant ecosystem develops.

An explosion of NFC applications will only happen if the industry can agree on a framework for authentication and application messaging that is open, secure and consistent. As SSL was to eCommerce, such a new framework should be to NFC mCommerce.