Service Oriented Mobile Wallets with NFC

: Near Field Communication (NFC) technology integration with mobile phones has extended the way we use mobile devices. Instead of voice and text communication mobile devices can be used as credit cards to replace our wallets. In this study we have developed an NFC based mobile wallet with using Alcatel Lucent Mobile Wallet web services with provided functionalities such as accounts, e-money, loyalty cards, etc. These services are consumed from NFC mobile phones and NFC device is used for payments and secure store to keep user credentials in SIM Secure Element.


Introduction
World is getting more mobile day to day and technological improvements changes the way we use mobile devices. Instead of just communications, these devices can be capable of replacing our wallet with mobile phones. Different e-wallet approaches proposed for different use cases with different schemes. [1] in the study author presents a clientserver architecture for mobile payment system for public transportations. Security is handled by exchanging a key between client and server as encrypted and the systems security is based on the strength of the key. In the study it is aimed to have application specific model instead of general purpose usages. SIM Card only payment models and implementations are presented in the [2], [3] papers. The models use only Universal Integrated Circuit Card (UICC) to interact with mobile point of sale (POS) terminals for payment transactions. Since applications are limited to SIM card capabilities and the functionally such as payment history, card balance and money transfer from between parties either missing or can not be provided to the end user. In this study, we developed a rich secure mobile wallet using RESTful [4] web services provided by Alcatel Mobile Wallet Services (MWS) [5]. Mobile application consumes web services to present end user wallet functionality. The application specifically developer for NFC based mobile phones to benefit all NFC functionalities available such as Secure Element and contactless payment. This paper is organized as follows: Section 2 describes NFC technology. Section 3 presents developed solution and Section 4 concludes this paper and presents future work.

Near Field Communication
This section will briefly introduce NFC technology and its applications.

Near Field Communication (NFC)
NFC is a short-range wireless communication technology, which enables identification and data transfer within 4cm or less. NFC operates in 13.56 MHz with maximum 424kbps data rate. A comparison of wireless technologies is shown in Figure 1. NFC communication standards are based on RFID ISO/IEC 14443 and FeliCa [6]. NFC devices can operate on three modes: card emulation, peer-to-peer and read/write mode. Card emulation can emulate an RFID tag which is useful for combining all RFID keys in a single mobile phone. Architecture's overview of NFC is shown in Figure 2. First bottom layer shows analog specifications of a NFC device e.g., RF fields and strengths. Digital protocol specifications are digital implementations of ISO/IEC 18092 and ISO/IEC 14443. NFC activity specifications describe required activities for communication [6]. In the architecture NFC Data Exchange Format (NDEF) defines message-coding formats for NFC applications. Also, Record Type Definition (RTD) describes how to construct records in NDEF messages [6]. Logical link protocol defines set of operations used in peer-topeer mode of NFC device such as link activation, supervision, deactivation etc. Simple NDEF Exchange Protocol (SNEP) enables NDEF message exchange in peer-to-peer mode [6]. NFC can be used to communicate devices through directly reading device data or establishing a Bluetooth link to communicate. This This will enable NFC enabled medical devices to be communicating with our NFC mobile phones to exchange data [7].
In our design, NFC enabled mobile phones are used to communicate web services, secure elements and mobile terminals for contactless payment operations.

NFC Applications
NFC technology provides benefits to its users and so far %40 of the research is the develop NFC-based applications [7]. In general NFC applications are evaluated in three common categories: smart environment, mobile wallets and data exchange application. Smart environment applications usually work on read/write mode of the device and smart posters are the most common application types in this environment [8], [9], [10].

Developed System
Application environment consists of several components with different technology stacks. At the higher-level Alcatel-Lucent Mobile Wallet Services (MWS) provides necessary web services through http protocol. Our mobile clients consume RESTful services and add secure NFC functionality. These security is maintained SE, it is responsible for storing critical information securely on SIM.

SE (Secure Element) Application
In the project Giesecke & Devrient (G&D) SDK and G&D UICC SIM cards used for development. G&D SDK has built-in tools for writing, compiling and debugging Java Card applications with simulator. Also, SDK includes additional devices and tools for on device deployment and debugging. SE application is the responsible part for secure communication through mobile phone. Also it is capable of executing necessary operations. End users can perform following operations on SE: • Update user credentials • Update application PIN • Make payment (without PIN) • Make payment with PIN Whenever user touches his phone to NFC Pos for payment operation, NFC Terminal selects appropriate applet and communicates with SE through set of APDU commands. As illustrated in Figure 3. payment processes executed in the following order and if everything is OK, payment will be processed. SE communications are performed by APDU commands, and data format is shown Table I.
As an example following sequences show simple payment scenario (for security reason this is example data, not applicable for real environment).

Mobile Application
Developed All of these functionality is implemented by mobile clients so, users are able to perform money card, loyalty card or coupon card operations on their mobile phones. Whenever a user logs in to the system with mobile phone, user credentials are requested from server and securely stored in SE in the SIM. Simple and minimal user interfaces design approach is selected for mobile clients. Blackberry application sample interfaces are shown in Figure 4, Figure 5 and Figure 6. In Figure 4

Conclusion
Improvement in the mobile technology changed the way we used our phones and added more functionality. NFC enabled mobile devices can be used for mobile payment systems to replace our credit cards with our mobile phones. In this paper, we have developed two core applications and a test terminal application for NFC based mobile wallet system. First part of the application involves SE development, which took place in SIM card with Java Card technology. Second part contains end user interfaces and MWS communication layers.
Both sections are developed and tested in real life scenarios and use cases. Our study is focused to develop solid secure NFC based mobile wallet with REST based web services. User data is protected by SIM-SE securely with user defined PIN code. Critical user credentials and payment secrets are kept in SIM-SE, mobile phone itself doesn't store any sensitive information. This design is successfully implemented and tested in several cases. As future work, we will integrate our application for new released NFC supported mobile phones also, we will test SE based application on different SIM vendors to increase application availability.