Introduced in Android KitKat (4.4) as a standard feature to enable the mobile to be used as a contactless card. Sotware residing in the device is used instead of a secure elemenet (SE).
For sensitive NFC transactions (ticketting, payments) security is important.
- User credential is securely established in the trusted application
- User credential persisted securely using the Kinibi secure file system
- Secure channel established with the NFC reader
- For payments, the TEE can calculate cryptograms
- Logic associated with use of the credential implemented by the trusted application
- Trused user interface to approve transactions