I wanted to know what NFC Execution environment means actually. In forum documents it is described as "An environment, either built into the NFCC or connected to the NFCC, where NFC applications are executed. The NFCEE may be included in entities with various form factors, some of which can be removable or replaceable.". But the Device Host(an application microprocessor like OMAP or Snapdragon) is the one which interacts with NFCC, as per my understanding in the mobile environment. Can anyone give me a example of what NFCEE can be - I mean is it another hardware module(if yes, which) or an android library to execute apps? What does "form factor" refer to?
The Execution Environment is in most cases a hardware module.
Newer SIM cards have a pin to connect the SIM to the NFC chip. Inside the SIM an application (payment for example) can run in a secure environment and talk to the NFC chip. Payment goes from a sales terminal through the NFC chip directly into the SIM without ever passing data through the application processor. So there is no easy way for malware to monitor or modify the payment process. That's a simplified view of the secure aspect.
Other execution environments are:
Embedded Secure Elements. These are in a nutshell SIM cards that are in the same package as the NFC controller chip. Your Android Phone most likely has one of these, called the SmartMX chip.
SWP (Single Wire Protocol) enabled SD-Cards. Same thing as a SIM, but in the form factor of an SD card.
The concept doesn't end here. There are for example experiments to move the execution environment to the application processor. For ARM CPUs there is the TrustZone extension which allows to execute code on the main CPU while still beeing secure.
In the Android API Execution Environments do two things:
they allow you to enable or disable the secure element by setting a route. The route configures when the secure element is active (e.g. has access to the NFC chip) and when disabled. Currently there are two routes in use: Route off (turns off the entire EE) and Route_OnWhenScreenOn (EE active when screen is on and unlocked).
For secure elements that are connected exclusively to the NFC chip (embedded secure elements) the Execution Environment also offers a secure way to exchange data from the application processor to the embedded secure element. This is used to install applications within the embedded secure element (among other things).
That's it in a nutshell.
Related
Suppose I have a SIM (which can be used to send SMS when plugged onto a phone of course), how can I send SMS using this SIM number when the SIM is not plugged to any device(i.e., just put it away)? Note: I don't mind what platform the sms is sent from (e.g., it can be sent from a PC, a smart phone), so any possible solutions? I don't mind solutions which involves coding or programming (e.g., by calling APIs) as well.
Note highly simplified/high level answer:
In order to send an SMS, USSD, Call or Data etc the Mobile Network will need to provide the device with a special "key" that is used in the communications. I.e. to send and SMS you will need an encryption key to tell the network to send an SMS.
The issue is that this key is dynamic, it changes based on network configuration. The only way to get a key is to use your SIM as it contains a component of the key.
SIM cards (and Bank chip cards) are really a marvel as they are a very good example of superb security, they have been around in Billions of units for more than 30 years, but have and continue to thwart hacking attempts for the most part.
To answer your question, You need the SIM card to get access to production mobile networks.
If by saying "SIM is not plugged to a phone" you still Ok about SIM to be plugged into some other device - you defintely can use USB/GSM-modems and standalone GSM-gateways.
Also you may want to consider hardware solutions such as GSM-gateways+SIM-banks. SIM-card is placed in the special non-GSM box (SIM-bank) and available for remote commutation into GSM-box (gsm-gateway) via Internet/Ethernet. Commonly SIM-bank holds hundreds of sim-cards remotely available, and GSM-gateways have only few dozens of real gsm-channels (due to hardware cost saving). Everything is controllable via manufacturer-specific API and/or GUI.
I was wondering that how can all different network devices have different MAC ID's.
is it hardcoded separately for each device ? (extremely unlikely..since in production nobody would like to change the code and recompile and load the program...)
or
a switch is used to set the address
or
is it loaded from the ROM ?
or something else ..
Many networking interfaces use EEPROMs that come pre-programmed with EUI-48 or EUI-64. They use EEPROMs to store configuration settings and other data anyway, so they don't have any additional cost using the pre-programmed EEPROMs other than the chips ending up slightly more expensive per 1k. Programming each device with a unique ID would however incur additional cost.
For instance, 24AA02xE is an I²C SEEPROM with pre-programmed EUI-48/EUI-64 at standard addresses. 93AA46AE48 is an SPI SEEPROM with pre-programmed EUI-48 that's directly compatible with LAN9xxx Ethernet Controllers.
I'm not affiliated with Microchip. I used their chips in a hobby project and noticed the datasheet mentioning the EUI-48 features.
To learn CB, I've decided to browse the services on my iPhone. I'm finding a few, but except Battery and Time, the others are "Unknown". What is it?
Some services have defined UUIDs (such a battery and time) and these are listed on the Bluetooth Developer Portal. The defined services also have a set of defined characteristic IDs
BLE also allows developers to specify their own service and characteristic UUIDs - since the chance of collision for random UUIDs is infinitesimal, there is no requirement to register these, but organisations may choose to document them. Apple's notification center service defines some, for example, and many chipset/module vendors define services to make it simpler for developers to use their modules.
Looking at my Fitbit Flex I can see device information and battery services - these are well known, as well as two unknown services which, presumably, FitBit use to transfer activity and configuration information to and from the device. Short of trying to reverse-engineer their protocol there is no other information available on these services and characteristics.
For my master thesis I'm investigating the possibility to use an NFC enabled phone for opening off-line door locks. These locks currently work with DESFire cards which contains authorisation data. Furthermore, the card is also used to update configurations and obtain maintenance messages to/from the lock. The goal is to update and read this information to/from the lock via an application on the phone that communicates with an external server over the internet ultimately making the exchange of this information more efficient.
Currently, I think the best choice for getting card emulation to work is to use an SD card with NFC and a secure element. This provides two possibilities:
1) A possibility is to implement a custom made java card applet that emulates a DESFire card. Theoretically, this should be feasible as DESFire cards optionally supports APDUs (ISO7816).
2) Some of the NFC SD cards available on the market offer DESFire emulation as a ROM.
I've the following questions:
For option 1 I wonder what will happen if the off-line lock / reader initiates communication using DESFire 'native' commands instead of APDUs. Is it possible to interpret non-APDU commands from java card? If not, it probably means it will not work?
Is it possible to manage the content of an emulated DESFire card in option 2? The NFC SD cards that I saw provides a proprietary API to access the secure element. It allows this by transceiving APDUs. The emulated DESFire, however, is not a java card applet in this case but it is a ROM which may or may not support this communication with APDUs.
I know this question is not strictly related to programming. But I found that there are quite some people on stackoverflow with expertise on NFC related topics. In fact, I found most of my information here.
Thanks
In order to answer 1 you would need to examine carefully ETSI 102 705 and see if the API lets you process CLT events (lower level protocol exchanges) instead of the contactless chip. I think this is unlikely.
In option 2 there surely is a way to manage the contents, otherwise the proposed desfire emulation would be totally worthless, but this might end up being partly proprietary, or requiring a substantial effort in cryptography, in which case you need to obtain the right keys.
All in all, if I were you, I would do ISO7816 (14443-4) card emulation using javacard, and forget about all the NXP proprietary stuff, which is built to make you buy licenses and associated software solutions.
The question would be much clearer when use a concrete e.g,
Lets say I need to topup my mobile , I have two options
top up using sim services [UICC with OTA]
top up using a mobile-top-up-app (a hypothetical mobile app) [web-services https ]
my question is, what is the main advantage of option 1 over 2? what is so important about OTA?
OTA works out of the box as a 2G service (as such it benefits a huge coverage). It is supported by all devices regardless of brand, OS, country. The system also covers retrys to some extent. It will incur minimal cost to your customer, especially in roaming situations.
Using a data pipe works too, but you need to have an app deployed and running in the end-user's device.