HCE (Host Card Emulation)
A technology that allows Android smartphones to emulate NFC smart cards without a hardware secure element. The card data is hosted in the phone's main processor and OS, enabling software-based mobile payments and access control.
What Is HCE?
Host Card Emulation (HCE) is a technology introduced in Android 4.4 (KitKat, 2013) that enables smartphones to emulate NFC smart cards entirely in software, without requiring a hardware secure element. HCE routes card emulation mode traffic directly to an Android application running on the device's main processor, democratizing NFC payment and access control development.
How HCE Works
In traditional card emulation, the NFC controller routes all incoming commands from an external reader to a hardware secure element, a tamper-resistant chip that stores cryptographic keys. The host processor is not involved in the transaction. HCE changes this routing so commands go to an Android service instead.
The architecture involves three layers:
- NFC controller. Detects the RF field and handles the physical layer (NFC-A or NFC-B protocol).
- Android NFC service. Routes incoming Application Protocol Data Units (APDUs) to the registered HCE service based on the Application ID (AID).
- HCE application. Processes APDUs, performs authentication, and returns response data.
When a POS terminal sends a SELECT command with a specific AID, Android routes it to the HCE service registered for that AID. The application then handles the full EMV transaction flow in software.
HCE vs Secure Element
| Aspect | HCE | Secure Element |
|---|---|---|
| Key storage | Software / TEE / cloud | Tamper-resistant hardware |
| Provisioning | Over-the-air (OTA) | NFC controller or OTA |
| Carrier dependency | None | Often requires carrier agreement |
| Offline transactions | Limited (token pool) | Full |
| Development access | Open (Android API) | Restricted (requires SE access) |
| Used by | Google Pay | Apple Pay |
The most significant advantage of HCE is openness. Before HCE, deploying a card emulation application required negotiating access to the SIM-based or embedded secure element with mobile carriers or device manufacturers. HCE removed this barrier entirely.
Security Model
HCE compensates for the absence of hardware key protection through several mechanisms:
Tokenization. Instead of storing the actual card PAN (Primary Account Number), HCE applications use limited-use tokens issued by the card network. Each token is valid for a small number of transactions and is geographically restricted, minimizing fraud risk if the token is compromised.
Cloud-based keys. Cryptographic keys for generating transaction cryptograms can be stored on a remote server and fetched as needed. This requires network connectivity but provides strong key protection.
Android Keystore / TEE. On supported devices, keys are stored in the Trusted Execution Environment (TEE), which provides hardware-backed isolation without a dedicated secure element.
Applications Beyond Payments
HCE enables a wide range of NFC applications beyond contactless payment: building access control, loyalty cards, transit passes, student IDs, and corporate badges. Any ISO 14443-4 smart card application can be emulated using HCE, making it a versatile platform for NFC-based identity and access solutions.
Related Terms
Related Content
What Is NFC? A Complete Introduction
Getting Started…Card emulation — backed by a secure-element or HCE — powers payment systems like Google Pay and Apple Pay.…
NFC vs RFID: Detailed Comparison
Getting Started…No equivalent standard Contactless payment Yes (via emv , hce ) Limited (proprietary) NFC Forum certification Mandatory…
Android NFC Programming Guide
Programming…use IsoDep and exchange raw APDUs. Host Card Emulation (HCE) hce lets an Android app emulate a contactless card…
iOS Core NFC Programming Guide
Programming…iOS Android Background tag reading iOS 14+ (NDEF only) Yes HCE (card emulation) No (NFC Express/Secure Element only) Yes…
Python NFC Programming Guide
Programming…uTrust 3700F USB ISO 15693 + 14443 Sony RC-S380 USB P2P / HCE capable PN532 breakout SPI / I2C / UART Raspberry Pi /…
NFC Security Deep Dive
Security…tags secure-element Key compromise eSE, UICC (SIM-based), HCE (software) Secure Element vs HCE The secure-element (SE)…
NFC Reader Modules Compared
Hardware…15693, Felica, NCI I2C + IRQ 80 mA $3–6 Production Android HCE host ST25R3916 STMicroelectronics 14443A/B, 15693, NFC-V,…
NFC for Payments
Industry…Stores credentials, signs transaction secure-element or HCE POS terminal Initiates transaction, routes to acquirer ISO…
Frequently Asked Questions
The NFC glossary is a comprehensive reference of technical terms, acronyms, and concepts used in Near Field Communication technology. It is designed for developers, product managers, and engineers who work with NFC and need clear definitions of terms like NDEF, APDU, anti-collision, and ISO 14443.
Each glossary term is cross-referenced with related NFC chips, standards, and other terms. For example, the term 'AES-128' links to chips that support AES encryption (NTAG 424 DNA, DESFire EV2/EV3), and the term 'ISO 14443' links to all chips compliant with that standard.
Yes. NFCFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai. Use the language selector in the header to switch languages.