A detailed introduction to the design scheme for mobile phone RFID smart cards

　　1 Introduction

　　In recent years, the market environment of the telecommunications industry has undergone tremendous changes. The trend toward the Internetization of communication services has become increasingly evident. Telecom networks are becoming increasingly channelized, telecom services are increasingly virtualized, and companies without networks can provide more and more communication services by using network channels. Traditional telecom operators, relying solely on simple voice and data communication for profit, are becoming increasingly unsustainable, and are shifting toward 'information services.'

　　On the other hand, with the rapid development of electronic technology, more and more functions are integrated into mobile phones, such as media playback, gaming, photography, navigation, and more. Mobile phones are no longer just communication tools but increasingly becoming comprehensive personal entertainment and information terminals. How to expand the functions of mobile phones, so that besides traditional communication via mobile networks, phones can also serve information technology applications such as mobile e-commerce, the Internet of Things, and media advertising that operators hope to enter, has been a key focus of research in the mobile communications field in recent years. Among these, mobile RFID technology has already achieved breakthrough results and begun commercial use.

　　Mobile phone RFID technology embeds RFID chips into mobile phones or mobile smart cards (SIM/UIM), integrating mobile phone functions with RFID functions. Users can swipe their phones to access financial services, shopping consumption, transportation services, identity authentication, and many other applications. Since RFID technology based entirely on mobile phones does not receive support from telecom operators, this article will mainly study the implementation schemes, current application status, existing problems, and development trends of mobile smart cards integrated with RFID RF functions (hereinafter referred to as mobile RFID smart cards).

　　2. Mainstream solutions for mobile phone RFID smart cards

　　Currently, mainstream domestic and international mobile phone RFID smart card solutions can be divided into two main categories based on operating frequency: 13.56MHz and 2.4GHz. Among them, the 13.56MHz solution can be further divided into eNFC solutions, dual-interface cards with built-in antennas, and dual-interface SIM phone customization solutions. The following explains four types of mobile RFID smart card solutions separately.

　　2.1 eNFC solution

　　The eNFC solution integrates the RF antenna and RF communication control functions into the mobile terminal, placing RFID data storage and processing functions on the phone's smart card. The card and phone communicate via the SWP protocol to achieve RFID and mobile phone integration.

　　The eNFC solution has been designated by 3GPP as an international standard, with comprehensive technology. Adopts the widely used 13.56MHz frequency communication in the industry, facilitating the transformation and implementation of cooperative services. However, eNFC solutions require replacing the phone and smart card, which is costly; Currently, there are few supported mobile terminals and smart card products, and the industry chain is not mature enough. Additionally, eNFC patents are concentrated in the hands of foreign companies Yasto and NXP, so large-scale domestic application of eNFC solutions may face patent awkwardness.

　　2.2 Dual-interface SIM phone customization solution

　　The dual-interface SIM phone customization solution integrates an RFID processing chip into the mobile smart card, integrating the RFID coil into the mobile terminal. The RFID smart card is connected to the terminal's coil via pins C4 and C8, enabling short-range communication. This solution adopts the widely used 13.56MHz frequency communication in the industry, facilitating the transformation and implementation of cooperative services. Terminal retrofit only requires integrating the antenna with the phone, making the modification relatively simple and cost-effective. The antenna is integrated into the terminal, improving card swipe stability. The drawback is that it occupies C4 and C8 contacts, conflicts with large-capacity card applications in international standards, and still requires customization for mobile terminals.

　　2.3 Dual-interface cards with built-in antenna solutions

　　This solution integrates an RFID processing chip into the mobile phone smart card and extracts an RFID coil from the smart card for short-range communication. The dual-interface card with built-in antenna solution uses the widely used 13.56MHz frequency communication in the industry, and does not require changing phones, making service implementation convenient and fast. However, because UIM cards come with large RFID coils, installation and use are inconvenient for users, they are prone to damage, card swipe stability is slightly poor, and user experience is poor. At the same time, it occupies C4 and C8 contacts, which conflicts with the large-capacity card applications found in international standards.

　　2.4G full SIM plan

　　The 2.4G full card solution is based on Bluetooth communication technology, integrating a Bluetooth RF RF chip into a mobile phone smart card. Through distance control algorithms and other technologies, on-site communication is possible, without the need for an antenna or to replace the phone, enabling mobile RFID card swiping, making service implementation convenient and fast. 2. The 4G all-card solution not only enables on-site card swiping, but also supports mid-range card swiping and reader applications according to business needs. However, because the 2.4G band is incompatible with domestic and international financial and transportation on-site payment standards, new POS devices are required for cooperative applications, making cooperation difficult and equipment upgrade costs high.

　　3 Current Application Status of Mobile RFID Smart Card Industry

　　Internationally, eNFC is the main standard, but due to weak demand, very few mobile devices support eNFC, and commercial cases of on-site mobile card swiping using eNFC solutions are rare. There are many on-site mobile card swipe applications in Japan and South Korea, but since their mobile terminals use an integrated device-card model, they do not fall under the mobile RFID smart card application model.

　　4. Problems with mobile phone RFID smart cards

　　Since 2009, riding the wave of mobile payments and mobile e-commerce, many types of mobile RFID smart cards have emerged domestically. Among them, the dual-interface card solution and the 2.4G full card solution have innovated and developed in mobile RFID smart card solutions, each holding a certain degree of independent patents. It can be said that research and application in the field of mobile RFID smart cards in China are at the international forefront. However, since the industry has just started, many problems still exist. The main manifestations are:

　　4.1 Inconsistent standards, first reflected in inconsistent operating frequencies. Currently, the mainstream RF operating frequencies are 13.56MHz and 2.4GHz. The 13.56MHz frequency is widely used in many industries outside of mobile RFID fields, but if mobile RFID smart cards use 13.56MHz, the large antenna problem must be addressed. The antenna is built into the card, resulting in poor user perception and stability; When antennas are placed on mobile terminals, they must be customized for the terminal, resulting in long development cycles and difficulty in large-scale commercial use in the short term. 2.4GH is ultra-high frequency, has good penetration, does not require a large antenna, and can fully integrate RFID functionality within a single smart card. Since it does not require mobile terminals, user perception is good, making it suitable for rapid large-scale adoption. The debate over working frequency has a long history; the choice of frequency directly affects business models, business models, and industry chain partnerships, making this issue very complex.

　　The lack of unified standards also manifests in interfaces and protocols. Mobile RFID applications include card and terminal (mobile terminals and POS terminals) domains, communication network domains, transaction processing domains, and other fields. Currently, there is no unified interface definition or interaction protocol standard among these fields, resulting in RFID smart card products developed by various institutions not interoperable even within the same operating frequency range. Taking the card-terminal domain as an example, the current transaction process and instructions between cards and terminals are not highly standardized. Indicators such as RF communication power, frequency deviation, and field strength between cards and terminals are not strictly defined, resulting in cards being unrecognized at different terminals or unstable card swiping.

　　4.2 Difficulty in multi-application support: Compared to ordinary mobile smart cards, RFID smart cards need to be loaded with communication, financial, university-enterprise, municipal, industry, and other applications. One card supports multiple applications, so the following issues still need improvement, including: (1) Planning and managing multiple types of applications within the card to ensure flexible loading and smooth upgrades. (2) Establish mutual isolation in the secure domain between multiple applications to ensure they do not interfere with each other. (3) Large capacity support: Currently, RFID smart cards have limited capacity, making it difficult to meet the loading needs of various applications.

　　4.3 Low communication speed between mobile phones and smart cards: For mainstream domestic mobile phone RFID smart cards (including dual-interface cards and 2.4G cards), over-the-air data transactions between the phone and smart cards are mainly conducted via data SMS. Limited by the speed of SMS, it cannot meet the dynamic loading and large-file updates of large amounts of data, which directly restricts the development of mobile terminal applications based on RFID smart cards, and can only be implemented through UTK menus.

　　4.4 Security needs further improvement: Mobile RFID smart cards currently support DES/3DES, RSA, and other algorithms, and their chips usually pass ELA4+ or ELA5+ security chip certification, meeting general requirements for small transaction security certification. However, for high-security applications such as large financial transactions and sensitive identity recognition, existing mobile RFID smart cards still struggle to support them.

　　5 Development Trends of Mobile RFID Smart Cards

　　Mobile smart cards have evolved from initial authentication modules into the main carriers of mobile communication business and service innovation. Smart cards not only provide user authentication functions and basic personal information management (such as contacts and SMS), but also offer services requiring high authentication levels, such as mobile banking, credit cards, electronic money, transportation cards, and stock trading. As telecom operators deepen their transformation into integrated information services, smart cards will evolve into integrated information service cards. To meet the needs of comprehensive information application development, smart cards are mainly developing towards the integration of RFID and SIM, large capacity, multi-application, high security, and high communication speed for SIM cards. Below, I will explore the development trends of mobile RF smart cards from three perspectives: application, technology, and industry.

　　5.1 Application Level

　　Mobile smart cards are secure and personalized, carriers are controllable, and they also serve as natural carriers for telecom customer identity identification. These characteristics determine that mobile smart cards will develop toward personal identity authentication, payment, mobile banking, mobile securities, and information query terminals. With a mobile RFID smart card, users can not only use their phone as a comprehensive financial service terminal, enjoying flexible and convenient financial and banking payment services, but also access to bus, company attendance, access control, and cafeteria services. At the same time, users can enjoy convenient information services such as life information inquiries and push discount notifications.

　　(1) Identity authentication applications: RF smart cards serve not only as user identity authentication modules for communication modules, but also as modules for digital authentication and digital signatures. By storing personal identification and related information on the user's RFID smart card, and using mobile phone RFID technology to read the user's information for authentication, it can conveniently perform identity verification services such as access control, attendance, and member identity verification. The RF card can also place a user's digital signature certificate. Through certificate authentication with the CA authentication center in the backend, digital signatures used in mobile e-commerce and mobile office use can be realized, ensuring transaction authentication, privacy, integrity, and non-repudiation.

　　(2) Mobile payment: Users can build offline e-wallets or online payment accounts into RFID smart cards. These wallets can be bank e-cash, bank card accounts, bus wallets, corporate campus cafeteria wallets, etc. Users can conveniently implement mobile e-wallet payments on contactless POS using contactless technology, completing product transactions and related service purchases. Users can also conveniently manage the wallet through the mobile UTK menu, such as balance inquiry, transaction history inquiry, password modification, air circle storage, and more. Additionally, users can purchase virtual electronic products, physical goods, services, and more via mobile internet, and enable remote payment via RF smart cards.

　　(3) Mobile Banking: Mobile banking provides customers with a comprehensive financial service platform. This platform integrates the bank's online banking functions into the telecom mobile menu as proprietary programs, or can be downloaded and installed on the phone. Using WPKI technology, users place digital signature certificates to ensure the security of mobile banking. Users can use this platform to perform functions such as transfers, remittances, inquiries, payments, and savings. After the non-pickup modules of bank ATMs are retrofitted in the future, they will be able to use their mobile cards to withdraw cash from ATMs. The close integration of mobile banking and mobile payment businesses will create a comprehensive financial service platform centered on mobile terminals and mobile RFID smart cards, providing customers with all-round financial services.

　　(4) Mobile Securities: Mobile securities is a new collaboration between telecom operators and brokerages. Clients can use mobile client software to query market trends and trade stocks, providing users with timely, comprehensive, and authoritative financial information, stock reviews, market analysis, and professional information gathering expert strategies, news analysis, and hot topic insights. At the same time, customers can conveniently trade and query various securities products in the Shenzhen and Shanghai markets via their mobile phones. To ensure the security of customer transactions, WPKI technology is used to place the customer's digital signature on the RFID smart card, which is authenticated by the authentication center at the mobile phone and the broker's backend authentication center, thereby guaranteeing the uniqueness, security, and non-repudiation of customer transactions.

　　(5) Information Inquiry: Mobile RFID smart cards can be accessed via the UTK menu to query life information, download games, download product coupons, and provide other information services. Users can also use OTA technology to update and manage STK/UTK menus in real time, allowing them to more independently set their preferred menu types and conveniently select and position their preferred value-added services. Mobile operators can operate OTA platform services to establish a complete set of standards for platform management, user management, SP management, business management, and billing management, working with SPs to build a complete mobile value-added service value chain and provide users with more and better value-added services.

　　5.2 Technical Aspects

　　To meet the development needs of the above comprehensive information applications, mobile smart cards must first solve two core technical issues: first, the integration of RFID contactless technology with the original contact technology of SIM/UIM cards; second, the multi-application, multi-security domain problem caused by the need to load multiple applications on mobile smart cards. Focusing on these two core issues, smartphone smart cards also need to address issues such as capacity, card speed, security, and smart card reader technology.

　　(1) The integration of RFID contactless technology with the original contact technology of SIM/UIM cards

　　The integration of RFID contactless technology and SIM card contact technology is a core issue in the development of mobile payment technology. The development of mobile payment business is based on the premise of integrating contact and contactless services. By combining both, traditional RFID technology is not only used for near-field payments, access control, attendance, and public transportation, but also meets the needs of traditional mobile phones. More importantly, the combination of these two creates a new business blue ocean. Specifically, through the phone's STK/UTK menu, you can easily check the balance, transaction records, and other related information on smart cards, and also use air ring deposit to recharge wallets, solving the problem of traditional bank card and transit card Issues like enterprise cards that cannot directly interact with customers in real time or facilitate management.

　　(2) Multi-application, multi-security domain management

　　Currently, mobile phone smart cards used by operators are mainly single-app cards, while multi-app smart cards are still in the trial phase. A single-app mobile smart card can only have one app and cannot directly add additional apps. The apps we commonly use, such as mobile stock trading and mobile banking, are implemented through STK/UTK. Smart cards are developing toward multi-application goals in the future. This architecture separates platform and application. Non-telecom applications or telecom value-added applications mentioned above can be fully built on this platform, and each application can comply with its own industry standards, such as EMV, PBOC, and social security standards, eliminating the need to install additional cards.

　　Multi-app mobile RIDF smart cards must support multiple logic channels. Logical channels are used for 3G user terminals to run smart cards in parallel across different applications. In addition to basic logic channel 0, there can be three logic channels, and at least one must be supported. The basic logic channel 0 is always present and open. After the card resets, logic channel 0 is used by default, and other logic channels can be opened (or closed) through this channel. Commands on each logical channel are independent of each other, with no interleaved commands and responses.

　　Since smart cards are loaded not only with telecom applications but also with applications from other industries, for security reasons, each industry has its own security key system, which requires smart cards to have security domain management functions. The multi-secure domain system provides a mechanism that allows you to define which commands execute under what conditions and what file access conditions must be met. The main contents of the security system include the following parts:

　　Security Properties: It is a collection of several access rules.

　　Access rules: Include one access mode and one or more security conditions. It mainly describes the security conditions that should be met when accessing a file in different ways.

　　Access mode: Indicates which operations the security conditions apply to. It mainly describes the access methods for the file, that is, which access commands can be used for this file.

　　Security conditions: Security conditions specify what kind of security-related processes must be met before executing a command on a document. It mainly describes which relevant security conditions or procedures should be met when accessing files using access commands.

　　(3) High security technology: When mobile RFID smart cards are used in personal identity authentication, mobile banking, mobile securities, and other services, security is the most critical factor. To provide highly reliable security for applications, future mobile RFID smart cards will integrate security chips to implement the WPKI (Wireless Public Key System) security mechanism, meeting financial institutions' reliable and highly secure authentication needs. WPKI stands for "Wireless Public Key System." It introduces the PKI security mechanism from internet e-commerce into wireless network environments, adhering to established standards as a key and certificate management platform system. It is used to manage public keys and digital certificates used in mobile network environments, effectively establishing a secure and trustworthy wireless network environment.

　　WPKI is not a brand-new PKI standard; it is an optimized extension of traditional PKI technology applied to wireless environments. It uses optimized ECC elliptic curve encryption and compression of X.509 digital certificates. It also uses certificate management public keys and verifies user identities through trusted third-party organizations—Authentication Centers (CAs)—thereby enabling secure information transmission.

　　(4) BIP protocol: 2G network SIM/UIM cards also have dynamic service download/delete functions, but all downloads are done via SMS channels, resulting in small data capacity, poor stability, and inability to download large application services. To meet the future needs of multi-app management and large-scale data downloads, mobile RFID smart cards must support BIP (Bearer Independent Protocol) protocol. By combining the BIP protocol with the USAT application, mobile terminals allow transparent data transmission between the mobile smart card and the remote server. The BIP protocol is more conducive to enabling high-speed mobile data transmission, making downloading various business data easier and faster.

　　(5) Demand for Large Capacity: As the applications carried on RFID smart cards increase, the demand for smart card capacity is also rising. Currently, mainstream dual-interface payment cards use a total of 80K of space, but in cooperation with banks, completing a complete PBOC2.0 application requires about 30K of space. If other functions are added, it may require over 50K of space, making it impossible for other apps to load. In the future, RF smart cards will not only support payment-related applications, but also information query and identity authentication applications, with urgent requirements for terabyte-level capacity.

　　(6) Card reader function: The future development of RF smart cards will not only be read as cards but also support the reader head to actively read information from other cards. Smart cards, as card readers, will be widely applied in the development of the Internet of Things. For example, in smart transportation, police can easily access vehicle information via mobile phones, while in smart homes, customers can conveniently access home appliance information via their phones. Currently, the only RFID smart card technology standards supporting this function are 2.4G full-card solutions and eNFC solutions.

　　5.3 Industry Development

　　(1) Frequency standard issues: The country has already begun formulating national standards for mobile payments. After considering factors such as technological maturity, security, patent protection, and the status of the industry chain, once the national standard is established, existing RFID technology solutions for various mobile phones will gradually be unified and integrated. Based on industry universality, the author predicts that the national standard for mobile payment is more likely to choose 13.56MHz. Technically, 2.4G RFID smart cards can integrate with 13.56M eNFC/SWP solutions, and leveraging their medium- and long-distance advantages, they are applied in special scenarios such as medium- and long-distance interactive services.

　　(2) RFID smart card format issues: Original mobile smart cards were basically Native cards, whose operating systems are proprietary by card manufacturers, making application development and loading inflexible, making it difficult to meet the multi-application requirements of mobile RFID smart cards. JAVA cards, on the other hand, are widely used on platforms and allow dynamic loading of applications, greatly facilitating the development and loading of applications within the card, meeting the needs of RFID smart cards for multiple applications and multiple security domains. In the future, mobile RFID smart cards will gradually migrate to JAVA cards.

　　Because JAVA cards are relatively expensive, programs require high hardware hardware (such as chip RAM space, card capacity, etc.), and card swipe response is slow. Although foreign carriers have started mass issuing cards, domestically, JAVA cards are just beginning to be applied in the telecommunications industry, and related suppliers lack sufficient technical reserves. Migrating mobile RFID smart cards to JAVA cards requires a certain process.