The secure chip standards body is working on a new approach to the management of NFC secure elements that would allow consumers to pick their own ‘trusted token’ and appoint their own secure service provider.
Secure element standards organisation GlobalPlatform has announced plans for a new way of managing secure NFC services that has the potential to revolutionise the way NFC is delivered — and looks set to cause significant disruption to the business models being used in the current generation of mobile wallet services being offered by Google and by mobile network operators around the world.
Rather than a secure element, and its associated mobile wallet service, being provided by a carrier or an over-the-top player such as a handset or operating system supplier, GlobalPlatform’s concept enables consumers to take control of their own secure element — known as a trusted token — and choose their own trusted service provider, known as a trusted token provider.
In a new white paper, GlobalPlatform explains in detail how the concept would work:
The consumer-centric model begins with an end user purchasing a Trusted Token supplied by the Trusted Token Provider. A Trusted Token is defined as a chip-based item owned by the end user that serves as the end user’s personal security container; the Trusted Token is capable of securely hosting applications sourced from third party service providers. The end user both owns the Trusted Token and makes decisions related to service management.”
The white paper explains that these Trusted Tokens could come in a variety of form factors, including an embedded secure element, NFC SIM, microSD, USB token, ID-1 card or a device containing a trusted execution environment (TEE). These trusted tokens “could be acquired by end users in any way that the market deems appropriate — a retail store, a service contract with a mobile operator, etc,” says GlobalPlatform. “What is important is that the end user is empowered and allowed to choose the Trusted Token independently from (and prior to) the services for which it will be used.”
The association — whose members include the major payments networks, industry suppliers, mobile network operators and handset makers — says it has “committed resources to this initiative due to a readiness from its members to support this model and develop the required technology to manage a consumer centric approach.”
“It is becoming increasingly evident that the consumer centric model is inevitable as consumers become more comfortable with downloading applications onto their devices and are requiring more and more protection of their private data and value added services,” says Gil Bernabeu, technical director of GlobalPlatform. “To ensure widespread adoption, however, it is important that the model evolves in a standardized manner and that the industry collaborates to develop a secure and fully interoperable landscape.”
“We are calling on other industry associations across all markets engaged in delivering value added applications and secure services to consumers to provide contributions to this model to ultimately speed up mass market deployment,” he adds.
The full white paper can be downloaded free of charge from GlobalPlatform’s website. Readers interested in providing input to GlobalPlatform’s work can email firstname.lastname@example.org to register their interest.
NFC World’s take:
Here at NFC World, we have to agree with Bernabeu’s assertion that this kind of option is an “inevitable” requirement — for some consumer demographics at least, as well as for many B2B applications.
Not all consumers are likely to be sufficiently interested or technically aware to be bothered with buying their own trusted token. Many will be happy to use the default solution that comes with their phone, especially if that is provided free of charge and there is a separate price to pay for a trusted token.
But, as we found when researching our ‘NFC Business Models‘ report, the more open the approach taken to deploying NFC, the more service providers will be pulled into adopting the technology and the more comfortable consumers will be about using the technology.
In our latest report, ‘The NFC Market 2012‘, we also point out that “concerns over security consistently top the list of reasons why consumers are not in favour of using their mobile phone to make payments” and went on to say:
As commercial services begin to become a reality, concerns over consumer privacy and ownership of data are set to come to the fore. Will consumers be happy for anyone to own their mobile wallet? Will they demand that they and only they should own the master keys to their wallet? Or will they prove happy to share data in exchange for special offers and discounts?
What do readers think? Would the ability for consumers to own their mobile wallet drive adoption of NFC services? Or, as NFC becomes part of consumers’ daily lives, will they not really care?