Mobile Payments on Android Using Host Card Emulation (HCE)

Transcript

1. MOBILE PAYMENTS
   ON ANDROID
   Sam Edwards
   @HandstandSam
   https://github.com/HandstandSam/HandstandPay
   

   View Slide

2. NFC
   NEAR FIELD COMMUNICATION
   

   View Slide

3. [VIDEO]
   WHAT IS NFC?
   

   View Slide

4. PRIMARY NFC USES ON ANDROID
   Static NFC Tags Android Beam Payments
   

   View Slide

5. NFC PAYMENTS ON ANDROID
   • NFC on Android 2.3 (December 2010)
   • Secure hardware element required
   • Restricted access to secure element
   because of manufacturers and carriers
   • HCE on Android 4.4 (October 2013)
   • HCE API released
   • Secure element no longer required
   5
   

   View Slide

6. HCE
   SECURE ELEMENT
   SECURE HARDWARE ELEMENT VS HCE
   

   View Slide

7. + =
   4.4+
   EXACT VIRTUAL REPRESENTATION OF
   A SMART CARD USING ONLY SOFTWARE
   Host Card Emulation on
   

   View Slide

8. 57.4% PHONES ON ANDROID 4.4+
   GOOGLE STATS AS OF AUGUST 3, 2015
   http://developer.android.com/about/dashboards/index.html
   

   View Slide

9. • Apple Pay exclusively
   • Secure element only
   • Open NFC and HCE APIs
   • HCE and/or secure element
   • Depends on hardware, OS &
   carrier restrictions
   ANDROID > IOS
   

   View Slide

10. OPPORTUNITY
    

    View Slide

11. US EMV MANDATE - OCTOBER 2015
    MSD
    MAGNETIC STRIPE DATA
    EMV
    EUROPASS MASTERCARD VISA
    

    View Slide

12. US EMV MANDATE - OCTOBER 2015
    INC
    “The party, either the issuer or merchant, who does not support
    EMV, assumes liability for counterfeit card transactions.”
    http://www.paymentsleader.com/will-retailers-be-ready-for-emv-by-oct-2015/
    

    View Slide

13. MORE TERMINALS, MORE PAYMENTS
    •
    http://www.bloomberg.com/news/2014-09-10/mobile-payments-forecast-hazy-with-a-chance-of-apple.html
    

    View Slide

14. BIGGEST PLAYERS IN
    US CONTACTLESS PAYMENTS
    

    View Slide

15. •
    Gets all the press
    •
    Apple controlled user experience
    •
    Secure element
    •
    Contactless & in-app payments
    •
    Apple hardware required
    

    View Slide

16. •
    US Beta started Tuesday &
    Launch on September 28th
    •
    Contactless Terminals
    •
    Secure element
    •
    Magstripe Terminals
    •
    Using LoopPay Technology
    

    View Slide

17. [VIDEO]
    HOW DOES LOOP PAY WORK?
    

    View Slide

18. •
    Google Wallet
    •
    Virtual MasterCard, charges to cards on file
    •
    Contactless and in-app payments
    •
    Android Pay
    •
    Requires card issuer integration
    •
    Tokenized version of original card
    •
    Contactless and in-app payments
    HCE IMPLEMENTATIONS
    

    View Slide

19. HANDSTAND PAY
    \
    https://github.com/handstandsam/HandstandPay
    

    View Slide

20. [VIDEO] HCE IN ACTION
    •
    Vending Machine
    •
    Walgreens
    •
    Panera
    •
    Duane Reade
    •
    Jet Blue
    [VIDEO]
    USING HANDSTAND PAY AT:
    VENDING MACHINE, WALGREENS, PANERA BREAD,
    DUANE READE, JET BLUE AIRLINES
    

    View Slide

21. SOME LESSONS LEARNED
    •
    Everyone calls it “Apple Pay”
    •
    Single tap? Double tap?
    •
    Airplane Mode disables NFC as well
    •
    Employees aren’t trained on contactless
    

    View Slide

22. PAYMENT APPS
    ARE HEAVY LIFTING
    Custom
    • Terminal communication
    • User experience
    • Payment credential management
    

    View Slide

23. • Must Extend
    • android.nfc.cardemulation.HostApduService
    • Purpose
    • Process and respond to terminal commands
    • Runs When
    • Device is tapped on terminal and you are the
    default for an AID
    HCE REQUIRES A HostApduService
    HostApduService
    

    View Slide

24. HostApduService
    @TargetApi(Build.VERSION_CODES.KITKAT)

    public class HandstandApduService extends HostApduService {

    

    @Override

    public byte[] processCommandApdu(byte[] commandApdu, Bundle extras) {

    

    byte[] responseApdu = …;

    return responseApdu;

    }
    @Override

    public void onDeactivated(int reason) {
    }
    }
    

    View Slide

25. HostApduService in AndroidManifest.xml
    android:name=".apdu.HandstandApduService"

    android:exported="true"

    android:permission="android.permission.BIND_NFC_SERVICE">

    

    

    

    

    

    

    android:name="android.nfc.cardemulation.host_apdu_service"

    android:resource="@xml/apdu_config" />

    
    

    View Slide

26. HostApduService CONFIGURATION
    android:apduServiceBanner="@drawable/front"

    android:description="@string/apdu_description"

    android:requireDeviceUnlock="false">

    

    android:category="payment"

    android:description="@string/aid_group_description">

    android:name="325041592E5359532E4444463031"

    android:description="@string/aid_ppse_description" />

    android:name="A0000000031010"

    android:description="@string/aid_visa_description" />
    

    

    
    

    View Slide

27. DEFAULT PAYMENT APP
    IN ANDROID SETTINGS
    [VIDEO]
    

    View Slide

28. DEFAULT PAYMENT APP [VIDEO]
    

    View Slide

29. DEFAULT PAYMENT APP
    public static void ensureSetAsDefaultPaymentApp(Activity context) {

    NfcAdapter nfcAdapter = NfcAdapter.getDefaultAdapter(context);

    CardEmulation cardEmulation = CardEmulation.getInstance(nfcAdapter);
    ComponentName componentName = new ComponentName(context, HandstandApduService.class);

    boolean isDefault = cardEmulation.isDefaultServiceForCategory(componentName,
    CardEmulation.CATEGORY_PAYMENT);

    

    if (!isDefault) {

    Intent intent = new Intent(CardEmulation.ACTION_CHANGE_DEFAULT);

    intent.putExtra(CardEmulation.EXTRA_CATEGORY, CardEmulation.CATEGORY_PAYMENT);

    intent.putExtra(CardEmulation.EXTRA_SERVICE_COMPONENT, componentName);

    context.startActivityForResult(intent, REQUEST_CODE_DEFAULT_PAYMENT_APP);

    }

    }
    

    View Slide

30. FAVOR FOREGROUND APP
    LOLLIPOP 5.0+
    [VIDEO]
    

    View Slide

31. FAVOR FOREGROUND APP FROM ACTIVITY
    @Override

    public void onResume() {

    super.onResume();

    if (isLollipopOrHigher()) {
    setAsPreferredHceService();

    }

    IntentFilter paymentSentIntentFilter = new IntentFilter(HandstandApduService.PAYMENT_SENT);

    LocalBroadcastManager lbm = LocalBroadcastManager.getInstance(PayActivity.this);

    lbm.registerReceiver(animationBroadcastReceiver, paymentSentIntentFilter);

    creditCardView.updateValues();
    }

    @Override

    public void onPause() {

    super.onPause();

    if (isLollipopOrHigher()) {

    unsetAsPreferredHceService();

    }

    IntentFilter paymentSentIntentFilter = new IntentFilter(HandstandApduService.PAYMENT_SENT);

    LocalBroadcastManager lbm = LocalBroadcastManager.getInstance(PayActivity.this);

    lbm.unregisterReceiver(animationBroadcastReceiver);

    }
    

    View Slide

32. FAVOR FOREGROUND APP
    @TargetApi(Build.VERSION_CODES.LOLLIPOP)
    public void setAsPreferredHceService() {

    boolean allowsForeground =
    cardEmulation.categoryAllowsForegroundPreference(CardEmulation.CATEGORY_PAYMENT);

    if (allowsForeground) {

    ComponentName hceComponentName = new ComponentName(context, HandstandApduService.class);

    cardEmulation.setPreferredService(PayActivity.this, hceComponentName);

    }
    }

    

    @TargetApi(Build.VERSION_CODES.LOLLIPOP)
    public void unsetAsPreferredHceService() {

    boolean allowsForeground =
    cardEmulation.categoryAllowsForegroundPreference(CardEmulation.CATEGORY_PAYMENT);

    if (allowsForeground) {

    ComponentName hceComponentName = new ComponentName(context, HandstandApduService.class);

    cardEmulation.unsetPreferredService(PayActivity.this);

    }

    }
    

    View Slide

33. HOW HANDSTAND PAY WORKS
    HostApduService Pay Activity
    Send Broadcast
    PAYMENT_SENT
    Start Activity
    

    View Slide

34. START ACTIVITY
    private void startPaymentActivityInBackgroundThread() {

    new Runnable() {

    @Override

    public void run() {
    //Start Payment Activity in background thread for HostApduService performance

    Intent intent = new Intent(getApplicationContext(), PayActivity.class);

    intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_SINGLE_TOP);

    getApplicationContext().startActivity(intent);
    }

    }.run();

    }
    

    View Slide

35. SEND LOCAL BROADCAST FROM SERVICE
    @TargetApi(Build.VERSION_CODES.KITKAT)

    public class HandstandApduService extends HostApduService {
    

    @Override

    public void onDeactivated(int reason) {

    isProcessing = false;

    Context context = getApplicationContext();

    LocalBroadcastManager lbm = LocalBroadcastManager.getInstance(context);
    //Send local broadcast message telling the app that the payment has been sent

    lbm.sendBroadcast(new Intent(PAYMENT_SENT));

    }
    }
    

    View Slide

36. RECEIVE LOCAL BROADCAST IN ACTIVITY
    public class PayActivity extends Activity {
    @Override

    public void onResume() {
    IntentFilter paymentSentIntentFilter = new IntentFilter(HandstandApduService.PAYMENT_SENT);

    LocalBroadcastManager lbm = LocalBroadcastManager.getInstance(PayActivity.this);

    lbm.registerReceiver(broadcastReceiver, paymentSentIntentFilter);
    }
    }
    

    View Slide

37. APDU TERMINAL COMMUNICATION
    

    View Slide

38. WAITING…
    APDU TERMINAL COMMUNICATION
    

    View Slide

39. COMMAND 1: SELECT PPSE
    •
    Do you support Proximity Payment Service
    Environment (PPSE)?
    •
    00A404000E325041592E5359532E444446303100

    •
    Yes, and we only support Visa.
    •
    F23840E325041592E5359532E4444463031A511BF0
    C0E610C4F07A00000000310108701019000
    http://blog.simplytapp.com/2014/01/host-card-emulation-series-swipeyours.html
    

    View Slide

40. STEP 2: SELECT AID
    •
    The terminal asks us to use Visa, because that’s
    what we told them to do.
    •
    00A4040007A000000003101000

    •
    We support Visa-MSD.
    •
    6F1E8407A0000000031010A513500B5649534120
    4352454449549F38039F66029000
    http://blog.simplytapp.com/2014/01/host-card-emulation-series-swipeyours.html
    

    View Slide

41. STEP 3: GET PROCESSING OPTIONS
    •
    Get Processing Options (GPO)
    •
    80A80000048302800000

    •
    Tell the terminal we only support Visa-MSD
    •
    80060080080101009000
    http://blog.simplytapp.com/2014/01/host-card-emulation-series-swipeyours.html
    

    View Slide

42. STEP 4: READ RECORD
    •
    Terminal requests payment data.
    •
    00B2010C00

    •
    Returns the Magstripe “Track 2”information.
    •
    701257104941594325785315D2406121100000409
    000
    http://blog.simplytapp.com/2014/01/host-card-emulation-series-swipeyours.html
    

    View Slide

43. HANDSTAND PAY
    VISA MAGSTRIPE DATA
    %B4941594325785315^YOU/A GIFT FOR^24061211000000040000000?
    ;4941594325785315=240612110000040?
    

    View Slide

44. WARNING
    HANDSTAND PAY HAS NO SECURITY
    

    View Slide

45. ON DEVICE SECURITY
    •
    Android 4.4+
    •
    Username/Password
    •
    Device Administration
    •
    Android M
    •
    New Fingerprint Sensor API
    •
    android.permission.USE_FINGERPRINT
    •
    FingerprintManager.authenticate()
    •
    Confirm Credential
    •
    Make sure user unlocked phone in last __ minutes
    http://developer.android.com/guide/topics/admin/device-admin.html
    https://developer.android.com/preview/api-overview.html#fingerprint-authentication
    

    View Slide

46. CLOUD-BASED SECURITY
    •
    Tokenization
    •
    Replace the PAN with limited use data that passes seamlessly through the
    payment system.
    •
    Keys
    •
    Expire quickly preventing their misuse.
    •
    Device Fingerprinting
    •
    Validate the phone. Data analysis provides real-time transaction assessment to
    identify unusual activity.
    •
    Transaction Risk Analysis
    •
    The more data used to measure and analyze, the better the overall security.
    

    View Slide

47. STATIC TOKENIZATION
    ACTUAL
    4941 1111 1111 1111
    TOKENIZED
    HAPPENS ONCE
    

    View Slide

48. DYNAMIC TOKENIZATION
    ACTUAL
    TOKENIZED
    4941 1111 1111 1111
    HAPPENS EVERY TRANSACTION
    4941 1111 1111 1112
    4941 1111 1111 1113
    

    View Slide

49. SEMI-DYNAMIC TOKENIZATION
    DPAN (TOKEN)
    4941 1111 1111 1111
    ACTUAL
    Rotating Keys
    4941 1111 1111 1111
    

    View Slide

50. HCE CONTACTLESS PAYMENT
    APDU Containing Cryptogram
    Send byte []
    $
    DPAN (TOKEN)
    4941 1111 1111 1111
    Key
    

    View Slide

51. HCE TOKENIZATION PROVIDERS
    

    View Slide

52. WHAT CAN I DO NOW?
    • Get a Visa Prepaid Card (or use your own at
    your own risk)
    • Try out Handstand Pay, fork it on Github and
    hack it
    • Check out Simply Tapp’s Mobile SDK for cloud
    based payments
    

    View Slide