Monthly Archives: November 2009

Chinese are coming

Posted by on November 29, 2009 No comments

China is a huge country. When you have the population of that much, it’s not logical to pay license fees, but better to develop your own standards. They did it on blueray equivalent media and on payment card applications. China has a payment system of its own, called CUP and NFC World’s latest article says that they will do the NFC on their own way too.

There’s also an interesting card manufacturer company in China, Watchdata. I have personally been following the products of Watchdata for a few years and they are really coming. When I first met with Watchdata dual interface cards, they did not had the EMV, so I was unable to use it. In time, they got the EMV certification and much more. I have seen their chip products replacing many competitors around the world. I saw Watchdata presenting their products around Europe in many respectable events.

Sim Pass is especially an interesting product of Watchdata. Instead of waiting for handset manufacturers to release NFC complaint devices, they developed a SIM card with an embedded antenna. This way, people have a handset which is capable of contactless payment transactions regardless of the handset they have. It’s a very innovative product of its kind, but I don’t think it will reach Europe, since it’s not the European way. But it’s quite a successful implementation step for the mobile contactless payments, that’s for sure.

my-d move from Infineon against NXP’s Mifare Ultralight

Posted by on November 15, 2009 No comments

Contactless chips for limited use have been popular in public transportation for some years. NXP, just like in mifare case, has been leading this market with mifare ultralight. Ultralight chips have limited memory and no crypto support, but have OTP (one time programmable) memory area which is perfect for enabling the restriction the limited use of the ticket. Later on NXP developed a next generation of Ultralight, which is called Ultralight C. Ultralight C supports 3DES in addition to its elder brother Ultralight. Good.

Of course, Ultralight is not the only product in the market. Infineon, as one of the strongest players in the semi-conductor manufacturers have a great product as a competitor to NXP’s Ultralight family called my-d move. my-d move is a member of my-d family of Infineon and has 128 bytes of memory for application and supports 32 bit password for authentication. It also supports password re-try counter feature against brute force attacks. Unlike Ultralight C, my-d move does not have any keys stored in the chip, but has a secure code which is written at the time of issuing the chip. Secure code is authenticated at the time of using the chip along with the password.

One great future of my-d move is, just like Mifare Ultralight, the support for NFC Type 2 Tag Operations. This practically means that my-d move can interact with NFC devices like handsets or other contactless readers. This opens a whole new world for these products. Infineon positions the product as a limited use media like single trip ticket for transportation or event ticketing. Imagine tickets for a rock music event being formatted by a cell phone on an over-the-air service. my-d move and Ultralight opens a gate for enabling projects like this. You can create the ticket with a mobile phone and then send the ticket data to central host over GPRS/3G connection of the mobile handset. You can also validate/invalidate tickets via NFC handsets. Great opportunity. One great addition to this would be the usage of the ticket for buying a drink inside the event. Or think of voting for polls displayed on kiosks with contactless readers and people voting and identifying themselves with the contactless ticket.

Basicly, my point is that these chips are great for any type of ticketing, not limited to limited use for transportation.

Apple’s implementation of NFC

Posted by on November 12, 2009 No comments

My previous post on Apple’s NFC support on iPhone got the most hits among all the content here. Luckily, it turns out that next generation iPhone will have the NFC support. Near Field Communications World.com’s post was linking the Apple Insider’s post, which has all the details of the patent application of Apple on sharing data between NFC enabled devices. Apple’s understanding of NFC is to syncronise devices over a contactless interface. Sounds logical.

In every NFC promo video, you can see people exchanging contacts and some other information by touching their phones to each other. It seems iPhone will be the first commercially available device to actually do this. I can imagine the ads of the next generation iPhone; how people will be touching their shiny iPhones to other iPhones, Mac Books, iPod Touchs and Apple TVs. This is a very good news for the NFC world.Think of people sending each other files between their iPhones. Banks, fast food restaurants, online stores, almost all types of businesses already have their own iPhone applications. I can imagine how the NFC chip will extend their applications into contactless loyalty schemes or secure identification media. My forecast is that payment will come later, possibly after people are convenient with their iPhone’s contactless ability. Of course the TSM context needs to be stabilised in the minds of decision makers of the payments industry. I hope this happens before the iPhone’s “possible” NFC boom.

On the other hand, just like touch screens, I think this move will lead to many handset manufacturers to follow the lead and integrate NFC chips into their products. Eventually this will lead MNOs to create their value added services on NFC hardware. Banks, transport operators, loyalty schemes, etc will have much more creative products. I think, and strongly believe that current NFC hardware and software developers will be securing their future -hopefully not in a long time.

A possible huge step for NFC

Posted by on November 6, 2009 5 comments

A recent post on Near Field Communications Group on Linkedin states that Apple is working on some prototype iPhones which have contactless reader. Here’s the full post:

Had to share this news. A highly reliable source has informed me that Apple has built some prototypes of the next gen iPhone with an RFID reader built in and they have seen it in action. So its not full NFC but its a start for real service discovery and I’m told that the reaction was very positive that we can expect this in the next gen iPhone. If Apple does it, expect every phone manufacturer and their sister to begin pumping out NFC enabled phones, at least for service discovery and sync. This just reinforces what we knew based on the two seperate patents Apple submited that had the iPhone enabled to read RFID tags. I’m told that the touch project video and the BT SIG’s specs were all driving forces to push this forward as well as other factors. Guess I’ll be touching my iPhone to my Mac to link them together to sync iTunes by next year.
Nokia has been the leader of NFC innovations in the handset world, but if this happens to be true Apple may go far ahead. And at the same time it will lead to a boom in NFC applications.

A recent post on Near Field Communications Group on Linkedin states that Apple is working on some prototype iPhones which have contactless reader. Here’s the full post:

Had to share this news. A highly reliable source has informed me that Apple has built some prototypes of the next gen iPhone with an RFID reader built in and they have seen it in action. So its not full NFC but its a start for real service discovery and I’m told that the reaction was very positive that we can expect this in the next gen iPhone. If Apple does it, expect every phone manufacturer and their sister to begin pumping out NFC enabled phones, at least for service discovery and sync. This just reinforces what we knew based on the two seperate patents Apple submited that had the iPhone enabled to read RFID tags. I’m told that the touch project video and the BT SIG’s specs were all driving forces to push this forward as well as other factors. Guess I’ll be touching my iPhone to my Mac to link them together to sync iTunes by next year.

Nokia has been the leader of NFC innovations in the handset world, but if this happens to be true Apple may go far ahead. And at the same time, it will definitely lead to a boom in NFC applications.

Mifare classic the legend

Posted by on November 2, 2009 No comments

It’s quite common nowadays to talk about security leaks of mifare classic chips. It’s easy to “hack” the chip, clone it, read the contents of it without knowing the keys, and so on; the list goes on like this. Even the license holder NXP is recommending to migrate to mifare plus. Well not good for any product!

These words definitely don’t sound good, however there’s the fact that a huge number of mifare chips (more than one billion, according to unofficial sources of mine) are already being used for systems mainly transportation and access control. Many of these applications do not require anything more than reading a unique id. When it’s transportation or e-purse, it’s authenticating a few sectors and updating the purse balance.

Mifare was developed by an Austrian company called Micron. It was specifically designed for transportation and the name was chosen accordingly: Micron Fare Collection, which was Mi-Fare. The chip was very fast and providing a good level of security required for access control and transport ticketing environment. The memory structure is not flexible enough for today’s complex mechanisms but back then, I think it was more than enough.

Basically, mifare operating system has 16 sectors of secure memory protected by two 48 bit keys stored in the chip. Each sector has 4 blocks for storing data. Each block has 16 bytes of data storage. Each sector has one block reserved for keys and access conditions. Although not recommended, you can even use the keys as data storage.

I think the strength of mifare platform comes mainly from off-the-shelf readers and components widely available on the market. Today, designing a mifare application, developing it on readers and formatting the cards is quite a standardized process. You can find virtually unlimited number of products and companies providing mifare based application and systems. The “security” rules are also very well defined and documented.

Well, there’s been many projects that it was planned that mifare will be phased out. Or mifare is specifically blacklisted as a prerequisite. However, I strongly believe that mifare is quite a successful product and it has made a very good job for deploying contactless systems. If mifare did not exist, I think contactless systems would not be popular as it is today. Of course there are very strong competitors of mifare such as Legic, Calypso and Felica, but mifare is the most popular one among all. I will try to cover the competitors of mifare, which are all stronger than mifare in the security level, but not as much as deployed worldwide as mifare. This is actually the point that I’d like to point out with this post.

It’s quite common nowadays to talk about security leaks of mifare classic chips. It’s easy to “hack” the chip, clone it, read the contents of it without knowing the keys, and so on; the list goes on like this. Even the license holder NXP is recommending to migrate to mifare plus. Well not good for any product!
These words definitely don’t sound good, however there’s the fact that a huge number of mifare chips (more than one billion, according to unofficial sources of mine) are already being used for systems mainly transportation and access control. Many of these applications do not require anything more than reading a unique id. When it’s transportation or e-purse, it’s authenticating a few sectors and updating the purse balance.
Mifare was developed by an Austrian company called Micron. It was specifically designed for transportation and the name was chosen accordingly: Micron Fare Collection, which was Mi-Fare. The chip was very fast and providing a good level of security required for access control and transport ticketing environment. The memory structure is not flexible enough for today’s complex mechanisms but back then, I think it was more than enough.
Basically, mifare operating system has 16 sectors of secure memory protected by two 48 bit keys stored in the chip. Each sector has 4 blocks for storing data. Each block has 16 bytes of data storage. Each sector has one block reserved for keys and access conditions. Although not recommended, you can even use the keys as data storage.
I think the strength of mifare platform comes mainly from off-the-shelf readers and components widely available on the market. Today, designing a mifare application, developing it on readers and formatting the cards is quite a standardized process. You can find virtually unlimited number of products and companies providing mifare based application and systems. The “security” rules are also very well defined and documented.
Well, there’s been many projects that it was planned that mifare will be phased out. Or mifare is specifically blacklisted as a prerequisite. However, I strongly believe that mifare is quite a successful product and it has made a very good job for deploying contactless systems. If mifare did not exist, I think contactless systems would not be popular as it is today. Of course there are very strong competitors of mifare such as Legic, Calypso and Felica, but mifare is the most popular one among all. I will try to cover the competitors of mifare, which are all stronger than mifare in the security level, but not as much as deployed worldwide as mifare. This is actually the point that I’d like to point out with this post.