Table of Contents Author Guidelines Submit a Manuscript
Mobile Information Systems
Volume 2016 (2016), Article ID 5046284, 20 pages
http://dx.doi.org/10.1155/2016/5046284
Research Article

A Tokenization-Based Communication Architecture for HCE-Enabled NFC Services

NFC Lab-Istanbul, Department of Information Technologies, ISIK University, 34980 Istanbul, Turkey

Received 28 April 2016; Revised 16 October 2016; Accepted 26 October 2016

Academic Editor: Laurence T. Yang

Copyright © 2016 Busra Ozdenizci et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. V. Coskun, B. Ozdenizci, and K. Ok, “The survey on near field communication,” Sensors, vol. 15, no. 6, pp. 13348–13405, 2015. View at Publisher · View at Google Scholar · View at Scopus
  2. V. Coskun, K. Ok, and B. Ozdenizci, Near Field Communication (NFC): From Theory to Practice, John Wiley & Sons, London, UK, 1st edition, 2012.
  3. B. Ozdenizci, V. Coskun, and K. Ok, “NFC internal: an indoor navigation system,” Sensors, vol. 15, no. 4, pp. 7571–7595, 2015. View at Publisher · View at Google Scholar · View at Scopus
  4. Smart Card Alliance Mobile and NFC Council, “Host Card Emulation (HCE) 101, White Paper,” 2014, http://www.smartcardalliance.org/wp-content/uploads/HCE_Webinar_FINAL_061815.pdf.
  5. N. Prakash, “Host card emulation,” International Journal of Scientific and Research Publications, vol. 5, no. 8, pp. 1–3, 2015. View at Google Scholar
  6. P. Urien, “Cloud of secure elements: an infrastructure for the trust of mobile NFC services,” in Proceedings of the 10th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob '14), pp. 213–218, Larnaca, Cyprus, October 2014. View at Publisher · View at Google Scholar · View at Scopus
  7. P. Urien, “Towards token-requestor for epayment based on cloud of secure elements and HCE mobiles,” in Proceedings of the IEEE 1st Conference on Mobile and Secure Services (MOBISECSERV '15), pp. 1–2, Gainesville, Fla, USA, February 2015. View at Publisher · View at Google Scholar · View at Scopus
  8. N. Saparkhojayev, A. Nurtayev, and G. Baimenshina, “Access control and management system based on NFC-technology by the use of smart phones as keys,” Middle-East Journal of Scientific Research, vol. 21, no. 7, pp. 1130–1135, 2014. View at Google Scholar
  9. GlobalPlatform, https://www.globalplatform.org/mediaguideSE.asp.
  10. M. Reveilhac and M. Pasquet, “Promising secure element alternatives for NFC technology,” in Proceedings of the 1st International Workshop on Near Field Communication (NFC '09), pp. 75–80, Hagenberg, Austria, February 2009. View at Publisher · View at Google Scholar · View at Scopus
  11. L. Kanniainen, “Alternatives for banks to offer secure mobile payments,” International Journal of Bank Marketing, vol. 28, no. 5, pp. 433–444, 2010. View at Publisher · View at Google Scholar
  12. SmartCard Alliance, “Host Card Emulation: An Emerging Architecture for NFC Applications,” 2015, http://www.smartcardalliance.org/activities-events-host-card-emulation-an-emerging-architecture-for-nfc-applications/.
  13. M. Alattar and M. Achemlal, “Host-based card emulation: development, security and ecosystem impact analysis,” in Proceedings of the IEEE International Conference on High Performance Computing and Communications, Paris, France, August 2014.
  14. Mobey Forum, The Host Card Emulation in Payments: Options for Financial Institutions, White Paper, http://www.mobeyforum.org/the-host-card-emulation-in-payments-options-for-financial-institutions-3/.
  15. SIM Alliance, Secure Element Deployment & Host Card Emulation, Version 1.0., 2015, http://simalliance.org/wp-content/uploads/2015/03/Secure-Element-Deployment-Host-Card-Emulation-v1.0.pdf.
  16. PCI DSS, “Tokenization Guidelines Version 2.0,” 2011, https://www.pcisecuritystandards.org/documents/Tokenization_Guidelines_Info_Supplement.pdf.
  17. EMVCo, EMV Payment Tokenization Specification, Technical Framework, 2014, https://www.emvco.com/specifications.aspx?id=263.
  18. D. Ortiz-Yepes, “A critical review of the EMV payment tokenisation specification,” Computer Fraud & Security, vol. 2014, no. 10, pp. 5–12, 2014. View at Publisher · View at Google Scholar · View at Scopus
  19. B. R. Williams, “How tokenization and encryption can enable PCI DSS compliance,” Information Security Technical Report, vol. 15, no. 4, pp. 160–165, 2010. View at Publisher · View at Google Scholar · View at Scopus
  20. FIPS140-2 Security Requirements for Cryptographic Modules, http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf.
  21. W. Hubis, An Introduction to Key Management for Secure Storage, White Paper, http://www.snia.org/sites/default/files/Hubis-W_Introduction_to_Key_Management.pdf.
  22. SANS, Transparent Data Encryption: New Technologies and Best Practices for Database Encryption, White Paper, https://www.sans.org/reading-room/whitepapers/analyst/ transparent-data-encryption-technologies-practices-database-encryption-34915.
  23. “Securosis, Understanding and Selecting a Database Encryption or Tokenization Solution,” White Paper, https://securosis.com/assets/library/reports/Securosis_Understanding_DBEncryption.V_.1_.pdf.
  24. OASIS KMIP, Key Management Interoperability Protocol, https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip.
  25. “Google Wallet,” https://www.google.com/wallet/.
  26. Apple Pay, https://developer.apple.com/library/content/ApplePay_Guide/index.html#//apple_ref/doc/uid/TP40014764-CH1-SW1.
  27. M. Ramachandran and V. Chang, “Towards performance evaluation of cloud service providers for cloud data security,” International Journal of Information Management, vol. 36, no. 4, pp. 618–625, 2016. View at Publisher · View at Google Scholar
  28. C. Tang and J. Liu, “Selecting a trusted cloud service provider for your SaaS program,” Computers & Security, vol. 50, pp. 60–73, 2015. View at Publisher · View at Google Scholar · View at Scopus
  29. J. Bonneau, C. Herley, P. C. Van Oorschot, and F. Stajano, “The quest to replace passwords: a framework for comparative evaluation of web authentication schemes,” in Proceedings of the 33rd IEEE Symposium on Security and Privacy, pp. 553–567, San Francisco, Calif, USA, May 2012. View at Publisher · View at Google Scholar · View at Scopus
  30. Android Developers, Host-based Card Emulation, http://developer.android.com/guide/topics/connectivity/nfc/hce.html.
  31. GlassFish Server, https://glassfish.java.net/.
  32. Windows Azure, https://azure.microsoft.com.
  33. G. Madlmayr, J. Langer, and J. Scharinger, “Managing an NFC ecosystem,” in Proceedings of the 7th International Conference on Mobile Business, pp. 95–101, Barcelona, Spain, July 2008. View at Publisher · View at Google Scholar · View at Scopus
  34. K. Ok, V. Coskun, B. Ozdenizci, and M. N. Aydin, “A role-based service level NFC ecosystem model,” Wireless Personal Communications, vol. 68, no. 3, pp. 811–841, 2013. View at Publisher · View at Google Scholar · View at Scopus
  35. N. Kshetri, “Privacy and security issues in cloud computing: the role of institutions and institutional evolution,” Telecommunications Policy, vol. 37, no. 4-5, pp. 372–386, 2013. View at Publisher · View at Google Scholar · View at Scopus
  36. Cloud Standards Customer Council, Security for Cloud Computing Ten Steps to Ensure Success, White Paper, http://www.cloud-council.org/deliverables/CSCC-Security-for-Cloud-Computing-10-Steps-to-Ensure-Success.pdf.
  37. Cloud Security Alliance, “SecaaS Implementation Guidance Category 8: Encryption,” https://cloudsecurityalliance.org/download/secaas-category-8-encryption-implementation-guidance/.
  38. ISO 27017, Information Technology—Security Techniques—Code of practice for information security controls based on ISO/IEC 27002 for cloud services.
  39. ISO 27018, Information Technology—Security Techniques—Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.
  40. E. Shmueli, R. Vaisenberg, E. Gudes, and Y. Elovici, “Implementing a database encryption solution, design and implementation issues,” Computers & Security, vol. 44, pp. 33–50, 2014. View at Publisher · View at Google Scholar · View at Scopus