Host-based Card Emulation: development, security, and ecosystem impact analysis

Equipping a smartphone with NFC (Near Field Communication) capacity adds new functions to it. One of these functions is the emulation of a contactless card, which enables the smartphone to realize commercial transactions (e.g. payment, loyalty and ticketing) through NFC enabled Point of Sale (POS). Initially, the card emulation related services were uniquely hosted on a secure element, e.g., SIM, and thus, their protection against security threats is ensured. Recently, Android proposed the Host-based Card Emulation (HCE) that enables an ordinary application to emulate a contactless card. Hence, the complexity and outlay of emulating a contactless card are reduced. In this paper, we clarify the concept of HCE, and present its history and current utilizations. We further compare HCE with SE-based card emulation in terms of security and development issues. Finally, we discuss the impact of HCE on the ecosystem of the NFC-enabled services.