Open Source Trusted Service Manager for Inter-bank NFC Transactions

Abstract

Near Field Communication (NFC) is a short-range wireless connectivity technology mostly used with contactless card systems. These contactless card systems are popular in the transport industry for pre-paid cards and tickets, and are emerging into the Payment Industry. NFC is not confined to cards but is available in the form of stickers and also built into several mobile phones including Smartphones. NFC being embedded in Smartphone opens avenues for various new applications including the ability to use a Smartphone as a NFC Payment Card as well as a POS. There are a few commercially available applications in doing this; but is confined to a single service provider, usually a Bank or a Mobile Network Operator (MNO). Using NFC enabled Smartphones for Payment Systems will be most effective only if payments can be made between different Banks independent of the MNO. A Trusted Service Manager between different Banks, which is trusted by all participating Banks, fulfils this requirement. The objective of this work is to develop a secure protocol to enable inter-bank transactions using NFC enabled Smartphones and to develop a Trusted Service Manager being the mediator between different Banks. In this work we have used some features of existing EMV protocol as a guideline but have modified to suit the different requirements of Smartphone and also have used the extra capabilities of Smartphone being used as a card. A protocol was designed which meets the primary security objectives, and a prototype was implemented as a proof-of-concept to test the operation of the protocol. Several test cases were carried out using the prototype successfully, which proves that the designed protocol is workable. The writer suggests some additional features for a commercial implementation of the protocol which is left for future work.