Java Card Applet and Host-based Card Emulation of

Published 2019-03-02 14:39

Question:

I would like to create an NFC payment application based on Android KitKat 4.4, which now supports NFC card emulation mode both without a secure element and with a secure element.

I would like my application to involve a secure element. So, I have a question: can Android KitKat let my application access a Java Card applet that is installed in a secure element?

Answer 1:

No, while the Android HCE documentation lists the possibility to use secure element-based card emulation, there are several problems hindering the use of a secure element in current devices:

  1. Nexus devices have a proprietary API for access to embedded secure elements only (no API for access to UICC/SIM card-based secure elements seems to be available). However, newer Nexus devices seem to no longer include an embedded SE. Moreover, only Google (and possibly mobile network operators selling those devices) are able to use the permissions to access the SE API. (Otherwise you would need root permissions to add your app certificates to the list of permitted apps.)

  2. Nexus devices do not seem to enable the UICC for card emulation at all. Thus, even if you register applications for off-host card emulation, the UICC could not be used on such devices.

  3. Many other (non-Nexus) devices provide a secure element API based on the Open Mobile API (typically the SEEK-for-Android implementation or something based on it). Those devices seem to use that API mainly for access to a UICC/SIM card-based secure element. (No information about interaction with off-host card emulation service registration of Android 4.4 yet.)

  4. You need access to a secure element (i.e. you need to know the keys to install/manage applications on the SE). This is something that you typically don't get, unless you have a good cooperation with the device manufacturer (for embedded secure elements) or a mobile network operator (for UICC/SIM card-based secure elements).



Answer 2:

If with Secure Element you mean the SIM card or a special-purpose chip in the phone, the answer is no: Android still does not include an API to access a Secure Element. Apps such as wallets use one of two approaches:

  • Phone vendor-specific APIs providing access to the SE
  • Mobile operator-specific APIs providing access to the UICC/SIM card, which is also a Secure Element.

Both APIs usually follow the "Open Mobile API" by SIM Alliance, http://www.simalliance.org/en/about/workgroups/open_mobile_api_working_group/
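
As an added illustration (not part of either answer, and not code from any vendor), this is roughly what applet access looks like on a device that ships the Open Mobile API mentioned above. It assumes the vendor provides the `org.simalliance.openmobileapi` library, the app declares the `org.simalliance.openmobileapi.SMARTCARD` permission, and the access rules on the SE allow the app's signing certificate; the class name, AID and command APDU are constructed placeholders.

```java
import android.content.Context;
import android.util.Log;
import java.io.IOException;
import java.util.NoSuchElementException;
import org.simalliance.openmobileapi.Channel;
import org.simalliance.openmobileapi.Reader;
import org.simalliance.openmobileapi.SEService;
import org.simalliance.openmobileapi.Session;

/** Hypothetical helper: selects a Java Card applet on each present SE and sends one APDU. */
public class AppletProbe implements SEService.CallBack {
    private static final String TAG = "AppletProbe";
    // Constructed placeholder AID, not a real payment applet.
    private static final byte[] APPLET_AID = {(byte) 0xF0, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06};
    // Constructed command APDU (CLA 0x80, INS 0x10); replace with your applet's own command.
    private static final byte[] COMMAND = {(byte) 0x80, 0x10, 0x00, 0x00, 0x00};
    private final SEService service;

    public AppletProbe(Context context) {
        // Binds asynchronously to the SmartCard service; serviceConnected() fires when ready.
        service = new SEService(context, this);
    }

    @Override
    public void serviceConnected(SEService connected) {
        for (Reader reader : connected.getReaders()) {   // reader names are vendor-specific
            if (!reader.isSecureElementPresent()) continue;
            Session session = null;
            try {
                session = reader.openSession();
                // Opening a logical channel performs SELECT by AID on the applet.
                Channel channel = session.openLogicalChannel(APPLET_AID);
                if (channel == null) continue;           // SE has no free logical channel
                byte[] rsp = channel.transmit(COMMAND);
                int sw = ((rsp[rsp.length - 2] & 0xFF) << 8) | (rsp[rsp.length - 1] & 0xFF);
                Log.i(TAG, reader.getName() + ": SW=" + Integer.toHexString(sw));
                channel.close();
            } catch (SecurityException e) {
                // Access rules for this SE do not allow this app's signing certificate.
                Log.w(TAG, reader.getName() + ": access to applet denied", e);
            } catch (NoSuchElementException | IOException e) {
                Log.w(TAG, reader.getName() + ": applet not installed or SE I/O error", e);
            } finally {
                if (session != null) session.close();    // also closes channels of this session
            }
        }
        connected.shutdown();
    }
}
```

On devices without the library, or where the SE issuer has not provisioned an access rule for the app, the `SecurityException` branch is the expected outcome, which matches the key and permission constraints described in Answer 1.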