{"id":1109,"date":"2014-09-20T14:47:05","date_gmt":"2014-09-20T14:47:05","guid":{"rendered":"http:\/\/www.gmarwaha.com\/blog\/?p=1109"},"modified":"2014-10-05T03:41:04","modified_gmt":"2014-10-05T03:41:04","slug":"mobile-payments-what-is-hce","status":"publish","type":"post","link":"https:\/\/www.gmarwaha.com\/blog\/2014\/09\/20\/mobile-payments-what-is-hce\/","title":{"rendered":"Mobile Payments: What is HCE?"},"content":{"rendered":"

What is HCE?<\/h4>\n
\n
<\/div>\n<\/div>\n

Previously, we discussed about Secure Element<\/a> and how it enables payment transactions in card-emulation<\/a> mode. We also briefly discussed that SE\u00a0is not the only choice available. Today,\u00a0we also have HCE as an alternative. HCE stands for Host-based Card Emulation<\/code>.\u00a0As its name suggests, it has something to do with\u00a0card-emulation<\/a> mode. But what does host-based mean? Before we talk about what host-based means, let’s review how things were before\u00a0HCE.<\/p>\n

Prior to HCE, the only way to emulate a card using a mobile NFC<\/a> device was to use a Secure Element. Let’s take the Android platform as an example. Here, the host operating system (Android in this case) and its apps do not get involved with a payment transaction at all.<\/p>\n

\"se-ce\"<\/p>\n

When a consumer holds the device over an NFC terminal, the NFC controller in the device routes all data from the reader directly to the Secure Element. The Secure Element itself performs the communication with the NFC terminal, and no Android application is ever involved in the transaction. After the transaction is complete, an Android application can query the Secure Element directly for the transaction status and notify the user. This is the approach used by ApplePay<\/a> as well<\/p>\n

This SE\u00a0based approach is inherently secure and that is a very big advantage. But, there are some downsides\u00a0too. The SE owner owns the key to the kingdom. All others will have to go through complex business models, partnerships, and dependencies to gain access and it makes the whole process that much more\u00a0complex and expensive. Moreover, the SE itself has only\u00a0limited storage capacity and processing speed.<\/p>\n

The alternative is to use Host-based Card Emulation.\u00a0Here,\u00a0the host operating system (Android) and its apps gets involved with a payment transaction.<\/p>\n

\"hce-ce\"<\/p>\n

When a consumer holds the device over an NFC terminal, the NFC controller in the device routes all data from the reader directly to the Host CPU on which Android applications are running directly. Then, an\u00a0Android application (a Mobile Wallet) that deals with a particular payment application can do its magic and\u00a0provide for the card emulation requests and responses.<\/p>\n

Since the host CPU is inherently insecure, any mobile wallet worth its salt will not store the real payment credentials inside the phone. Google Wallet for example moves all such data to a hosted cloud environment, and that is where the\u00a0secure storage and secure processing takes place. In essence, we have moved the Secure Element from inside a chip to a cloud environment (HCE Cloud) instead.<\/p>\n

This approach has its downsides – like security and a need for data connection. This does not mean that your private information is vulnerable. We can still have a very high degree of security\u00a0using other technologies. Payment card Tokenization<\/code> is one of them and we will discuss it in an upcoming post.\u00a0On the bright side,\u00a0the complex business models, partnerships and access restriction to SE can be dramatically simplified. This enables payment application issuers to easily provision to the cloud and get it over with.<\/p>\n

Using SE-based Card Emulation and Host-based Card Emulation is not an\u00a0either-or scenario though. Android allows both to co-exist in the same\u00a0NFC enabled device and offers\u00a0tools and technologies to work with both of them as shown in the diagram below.<\/p>\n

\"se-hce-dual-ce\"<\/p>\n

All the above diagrams were taken from Android developers<\/a> website.<\/p>\n

Mobile Payments Blog Series<\/h4>\n
\n
<\/div>\n<\/div>\n

Welcome to the Mobile payments FAQ and\u00a0not so FAQ<\/a>\u00a0series\u00a0and you are on FAQ\u00a0#15.\u00a0The idea behind this series is to\u00a0share and learn as much as possible about the field of mobile payments.\u00a0If you like, you can read all of the FAQs on the Mobile Payments<\/a>\u00a0category or by visiting the Table of contents<\/a> page.<\/p>\n

Related Reading<\/h4>\n