Archive for the ‘NFC’ Category

EMVCo released handset requirements for contactless mobile payment

By maintaining the specifications of the banking card applications, EMVCo has a huge effect on the banking card business. Visa and MasterCard developed their own implementations (VSDC and M/Chip respectively) based on the EMV specifications. They are almost identical, with only a few configuration changes. The contactless applications payWave and PayPass are also based on the EMV specifications; however, they were developed before EMVCo released a contactless specification.

It seems EMVCo is ahead of Visa and MasterCard this time: they released requirements for contactless payments by handsets. There are already implementations of Visa and MasterCard’s applications on handsets, but all of them have been dropped before launch, after the pilot phase.

Basically, a mobile application is a user interface for accessing the EMV-compliant payment application running on the secure element of the handset. The secure element can reside on the NFC controller of the handset or on the SIM card.

What EMVCo requires for these applications is:

  • Application should have a soft/hard key for easy access. If it’s a soft key, it must be accessible from the main/home screen.
  • Application should inform the handset/card holder when a contactless transaction is in place.
  • Application should be secured by a password and it should be configurable to enable/disable the application.
  • There should be an indication of contactless capability, just like the Bluetooth icon.
  • Handset shall provide a mechanism to notify the application when it is powered off.

It is a good effort to draw the boundaries of the environment and will lead the players in the industry to have a single user experience. It seems we will see more mobile payment applications on the market, hopefully at the commercial level rather than as pilots.

The original document can be found here.

Nokia: comes with NFC

Nokia has been the pioneer handset manufacturer in the NFC environment since the beginning. Nokia released the SDK of handsets with secure elements located in the handset and in the SIM over SWP years ago. So I was disappointed to hear that the long-awaited NFC handset, the Nokia 6212, was canceled.

Fortunately, Nokia announced that all new Nokia smart phones will support NFC starting from 2011. There’s even more: the secure element will be located in every possible location on the handset, not only in the SIM. This means that every player in the NFC space will have their chance to play in the game. Near Field Communications World reports that Nokia Executive Vice President for Markets Anssi Vanjoki made the announcement at Mobey Forum’s 10th anniversary in Helsinki.

This is great news, not only for NFC enthusiasts, but for Nokia, too. Nokia has fallen out of the smart phone wars (in terms of application stores) and I think this will be a big step for Nokia in the smart phone market. I think a killer NFC application will help a lot.

Edit: It turns out that it will be a feature of the upcoming Symbian 4 platform and only selected handsets will have NFC support. For details please see here.

No NFC support on iPhone 4

All those rumors about the iPhone having an NFC chip inside turned out to be incorrect after yesterday’s WWDC10 event. It seems there are also no plans for the near future.

The NFC community was awaiting this announcement with great excitement, since it would definitely have started the boom of the NFC era, but unfortunately it seems we will go only for Android in the near future. There has been news that the NFC APIs in the Android environment are stable now, depending on the hardware of course.

While Micro SD card based solutions are already out there awaiting commercialization, I think that the next big step should now be the availability of NFC chips and antennas in the upcoming Android devices.

Payment vs. ticketing

Contactless cards are penetrating more and more market segments day by day. The three most common use cases of contactless cards are clearly ticketing, payment and access control. Now let’s skip access control and compare the ticketing and payment use cases.

Work Flows

The functional requirements of a contactless ticketing application are generally to store a balance, a contract, an expiry date and a log space. The typical work flow of a contactless ticketing transaction is as follows:

  • Identify the card in the field
  • Authenticate the card and the ticketing terminal
  • Read the contract from the card
  • Read the previous transaction logs, if necessary
  • Compute the fare
  • Debit the card with the fare
  • Write the transaction log

When it comes to payment, the work flow of a contactless EMV payment is as follows:

  • Identify the card in the field
  • Authenticate the card and the terminal
  • Debit the card
  • Store the transaction log

As you can see, the main difference between the payment and the ticketing work flows is the fare calculation, which is based on variables such as the contract type of the card and the previous transactions performed and stored in the application. This is something EMV is still incapable of. Both Visa and MasterCard are already working on ticketing extensions of payWave and PayPass; however, they will still have many barriers ahead even if the specifications are completed and the first samples are out for testing.
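The ticketing steps listed above (read contract, read logs, compute fare, debit, write log) can be sketched as follows. This is an added example, not code from the original post; the fare rules, field names and sample values are assumptions chosen only to show why the fare depends on data stored on the card.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# All fare rules and field names below are assumptions made for illustration.
BASE_FARE = 200                                   # minor currency units
TRANSFER_WINDOW = timedelta(minutes=60)
CONTRACT_DISCOUNT = {"full": 0, "student": 50}    # percent off the base fare

@dataclass
class TicketingCard:
    balance: int
    contract: str
    expires: datetime
    log: list = field(default_factory=list)       # (timestamp, line, fare)

def compute_fare(card, line, now):
    """Fare depends on the contract and on the previous log entry."""
    if now > card.expires:
        raise ValueError("contract expired")
    fare = BASE_FARE * (100 - CONTRACT_DISCOUNT[card.contract]) // 100
    if card.log:
        last_time, last_line, _ = card.log[-1]
        # A change of line inside the window counts as a transfer: half fare.
        if last_line != line and now - last_time <= TRANSFER_WINDOW:
            fare //= 2
    return fare

def ticketing_transaction(card, line, now):
    """Read contract and log, compute the fare, debit, write the log entry."""
    fare = compute_fare(card, line, now)
    if card.balance < fare:
        raise ValueError("insufficient balance")
    # Debit and log entry are written together so the card never holds
    # one without the other.
    card.balance -= fare
    card.log.append((now, line, fare))
    return fare

def demo():
    t0 = datetime(2010, 5, 12, 8, 0)              # constructed sample data
    card = TicketingCard(1000, "student", datetime(2010, 12, 31))
    first = ticketing_transaction(card, "M1", t0)
    transfer = ticketing_transaction(card, "B7", t0 + timedelta(minutes=20))
    later = ticketing_transaction(card, "M1", t0 + timedelta(hours=3))
    return first, transfer, later, card.balance
```

The same tap costs a different amount depending on the contract and the last log entry, which is the step the payment flow does not have.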

Authentication and cryptography

EMV relies on RSA and Triple DES, while ticketing applications use mainly DES variants and AES. Contactless EMV transactions are quite secure with DDA (Dynamic Data Authentication) and it is a perfect solution for an interoperable environment of different banks.

Almost all ticketing systems are proprietary and each transport operator or provider has its own application. Every system has its own infrastructure and interoperability between ticketing systems is quite rare. So each system has its own authentication algorithm and of course key types and lengths.

Main differences

EMV is designed for securing the transaction between card and terminal, terminal and host systems, host system and the card. It’s the underlying standard of Visa, MasterCard and JCB. Each organization has its own application of EMV but essentially they are mostly identical. Contactless ticketing applications depend heavily on the chip platform and operating system they are using. Every transport authority, system integrator or solution provider has its own ticketing application. There are efforts in Europe to standardize the ticketing applications but they are not mature enough yet. So basically ticketing is proprietary for now.

Some time in the near future, payment and ticketing are supposed to meet on the NFC platform, but it seems it’s still a long way there.

Almost reality: mobile payment with iPhone

Visa has been working for some time in the mobile payment space with DeviceFidelity on porting the Visa contactless applications into the MicroSD environment. We’ve already heard much news that Apple is also quite interested in the same subject and now finally that seems to be a reality, according to a post on Engadget.

Apple has been submitting patent applications on NFC objects for the next generation iPhone. However, I strongly believe that the secure element will be under the control of Apple, not the carrier or the user, if an iPhone with NFC support is to be released. So Visa is heading down its own path. What I understand from the news is that a PayWave application running on a MicroSD card will be attached to the iPhone through a special casing. It seems we will see the application available on iTunes in the long run. And its name is In2Pay.

Although there’s not much detail on the project in general, I think that it will be specific to the US, which will essentially switch the transaction interface from magnetic stripe to contactless for payment, not more. Of course, details such as a transaction history must be available in the application. The application will be secured by a password.

It’s a good move from Visa to provide a solution to mobile payment space over the iPhone platform, but I believe it will take quite a time to make the application commercially available. If it comes quickly, it will definitely be the killer application for me to buy an iPhone!

DeviceFidelity’s white paper also indicates that other mobile platforms are supported. More importantly, In2Pay v2 will have OTA support for personalization and multiple bank accounts will be available. v2 will have the full NFC environment from couponing to payment.

I strongly recommend downloading the white paper from DeviceFidelity (requires a very short registration).

Highlights from Cardist 2010

The 3rd Cardist Card & Smart Technologies Exhibition & Summit was held in Istanbul on 12-14 May 2010 with the main sponsorships of BKM, Visa and MasterCard.

Here are my highlights from the exhibition:

Garanti & Avea announced a mobile payment product based on mobile phones. Payment is processed by the application running on the SIM card and the SIM card has an external antenna attached. This way, there’s no need for an NFC based handset; all handsets can be used with it. Garanti Bank already has more than 1 million contactless credit cards issued and is clearly the market leader in contactless payments in Turkey.

BKM, the national switch of Turkey, announced the pilot project to run on NFC handsets in which BKM acts as the TSM. 6 banks are attending the pilot project.

Oytek demonstrated their NFC solutions running on the Nokia 6212. The application has paid balance, ticketing and couponing extensions. There’s also a kiosk with a contactless reader and an NFC poster application to complete the NFC picture.

Banksoft received an award for the contactless pre-paid card program which was developed for Halk Bank’s Bank 24 Visa contactless card. Smartsoft also received an award for their pre-paid platform.

Payment Cards&Mobile, which I think is the best magazine on contactless systems, was also present at the exhibition, as they were at the last two.

Belbim, the technology provider of Istanbul Municipality (including the electronic ticketing for public transport), exhibited their validators and surrounding devices. Belbim has developed a DESFire application for Istanbul public transport but somehow it has still not been released for public use.

KentKart was also present and demonstrated contactless only validators and vehicle tracking systems.

Calypso the ticketing master

When we talk about transport ticketing, Calypso is the technology we must discuss first. Calypso is a transport ticketing system built by the transport operators. It was designed to match the transport ticketing requirements from functional flow to security mechanisms. The main distinguishing feature of Calypso is that it requires a microprocessor card. This enables all the security required by a complex transportation environment.

So, what is Calypso?

Calypso is a ticketing application developed and maintained by the Calypso Association. The Calypso Association, based in Brussels, Belgium, was established by RATP and technology provider Innovatron in 1993. Later on, a group of European transport operators from Belgium, Germany, France, Italy and Portugal joined the association. The Calypso ticketing application is currently being used by various European public transport systems.

In the Calypso world, you can define various players on a single card (the term “portable object” is now used rather than “the card”) and they can share the same balance. The technical design of the application supports multi-application by nature. Different contracts, protected by different key sets, can be installed on a single card. Each Calypso chip has a set of keys derived from master keys. DES and DESX (a DES variant hardened against brute-force attacks) can be used for authentication. Calypso requires its own SAM card for authentication, which is a prerequisite for modifying the data in the chip.
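The relationship between master keys, per-card derived keys and the SAM can be sketched as follows. This is an added example, not Calypso code: HMAC-SHA256 stands in for the DES/DESX primitives, and the class names, serial numbers and message layout are assumptions.

```python
import hashlib
import hmac
import os

def mac(key: bytes, msg: bytes) -> bytes:
    # HMAC-SHA256 stands in for the card's DES/DESX primitive (assumption).
    return hmac.new(key, msg, hashlib.sha256).digest()

def diversify(master_key: bytes, serial: bytes) -> bytes:
    """Per-card key derived from the master key and the card serial."""
    return mac(master_key, b"div" + serial)

class Card:
    """Holds only its own derived key, never the master key."""
    def __init__(self, serial: bytes, key: bytes):
        self.serial, self._key, self.balance = serial, key, 1000
    def respond(self, challenge: bytes) -> bytes:
        return mac(self._key, challenge)

    def debit(self, amount: int, challenge: bytes, proof: bytes) -> bool:
        # Data changes only if the terminal side proves knowledge of the key.
        expected = mac(self._key, challenge + amount.to_bytes(4, "big"))
        if not hmac.compare_digest(proof, expected) or amount > self.balance:
            return False
        self.balance -= amount
        return True

class Sam:
    """Models the SAM: the master key never leaves this object."""
    def __init__(self, master_key: bytes):
        self._master = master_key
    def personalise(self, serial: bytes) -> Card:
        return Card(serial, diversify(self._master, serial))
    def verify_card(self, serial: bytes, challenge: bytes, response: bytes) -> bool:
        expected = mac(diversify(self._master, serial), challenge)
        return hmac.compare_digest(response, expected)

    def sign_debit(self, serial: bytes, challenge: bytes, amount: int) -> bytes:
        return mac(diversify(self._master, serial), challenge + amount.to_bytes(4, "big"))

def demo():
    sam = Sam(os.urandom(16))                      # constructed master key
    a, b = sam.personalise(b"CARD-0001"), sam.personalise(b"CARD-0002")
    ch = os.urandom(8)
    ok_auth = sam.verify_card(a.serial, ch, a.respond(ch))
    cross = sam.verify_card(b.serial, ch, a.respond(ch))   # card A answering as card B
    ok_debit = a.debit(150, ch, sam.sign_debit(a.serial, ch, 150))
    forged = a.debit(150, ch, b"\x00" * 32)
    return ok_auth, cross, ok_debit, forged, a.balance
```

Because each card carries only its derived key, a key extracted from one card does not authenticate as any other card, and a terminal without the SAM cannot produce the proof the card requires before it changes its data.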

Unlike typical Mifare designs, you are restricted by the boundaries and transaction flow developed by Calypso, but it covers almost anything that can be expected in a transport ticketing environment. The Calypso applet runs on microprocessor chips, so authentication is quite strong (and fast).

The Calypso Association plays an innovative role towards the NFC era and they seem to be ready for the NFC evolution. (I wish I could say revolution, by the way.) The Calypso applet runs on various card operating systems varying from Infineon to Watchdata chips, including NXP’s JCOP family. Of course this includes any secure element in the NFC world.

Based on my personal experience, I can say that Calypso is an equivalent of EMV in the banking payment world. Both of the applications are quite well designed, already running on millions of chips and getting ready for the future.

Gemalto joins Open Handset Alliance

Gemalto announced that it has joined the Open Handset Alliance. I find this very good news for the NFC world.

The Android platform was an initiative by the Open Handset Alliance. Almost all research points out that Android will be one of the most popular mobile operating systems of the (very near) future. Android runs not only on mobile phones but on a range of mobile devices varying from netbooks to internet tablets. I believe Android will penetrate into more devices, such as embedded systems.

So what does Gemalto’s joining the Open Handset Alliance mean in terms of contactless systems? First of all, Gemalto is the first and only company on secure payment and identification technology in the alliance. Gemalto is clearly the biggest company that has the expertise on the application level security for payment/identification chips, which I believe will boost the NFC implementation on Android OS. Gemalto has all the necessary know-how and resources for developing a generic NFC API for Android, which will encourage handset manufacturers to build more handsets supporting NFC. On the application level, this will lead the huge Android developer community to implement many NFC applications, and not only payment.

Since it’s now widely believed that the next generation iPhone will have some kind of contactless interface, almost all major mobile platforms (Symbian of course, iPhone and now Android) will have native support for NFC.

First DESFire implementation on a SIM platform

Mifare emulation has been around for some years. Mifare emulation simply refers to an application running on a chip card operating system. The application emulates the native Mifare chip and responds to Mifare readers as if it were a Mifare chip. Of course there are some considerations when implementing a Mifare emulation. First of all, it is not native Mifare and the terminal software needs to be updated accordingly to recognise the chip. Secondly, Mifare emulation is not as fast as a native Mifare chip, so some parameters must be updated to transact with the Mifare emulation applet.

This has been done for some time, but Gemalto has started a new era by implementing the DESFire application on a SIM/UICC. Even the owner of the technology, NXP, does not officially have DESFire emulation yet. It’s a huge thing in terms of innovation. However, there’s still some time before a DESFire-enabled transportation system is to accept an NFC handset device with a Gemalto SIM/UICC.

Gemalto has been aggressive on the contactless market almost since its start and this is clearly a result of it. Read the full press release here.

NFC at Mobile World Congress 2010

In my perspective, NFC was the rising star of the Mobile World Congress 2010. On the first day of the event, the agenda of the session was mobile money. A balanced selection of speakers from carriers to technology companies provided mind-opening content.

The first outcome of the day for me was that NFC cannot be expected to succeed on a single task; it needs companions. I mean, a simple mobile wallet application will not be enough for people to make it a killer application. Mobile coupon style add-ons, as well as making the content accessible to the user through the handset, are crucial. People already have credit cards, debit cards, transportation cards, etc. for making the payment. Why would the user switch to a handset instead of a card?

Secondly, all the parties are ready to jump on the bandwagon but it still needs some time for the boom. We’ve already seen many pilots and even a commercial roll out in Japan, but there’s still some more time ahead.

Mobile World Congress 2010 had also an NFC event for platinum pass holders with a Samsung handset.

It was interesting to see that SIM cards are having more and more abilities for mobile payment applications. Gemalto announced a new SIM card which is able to run a DESFire ticketing application. I also had a product presentation of a SIM platform with NFC support from Giesecke&Devrient.

Finally, BarclayCard announced an iPhone application which can accept contact EMV chip cards with PIN support. Just like the US version running from the magnetic stripe interface, Barclay’s one has a contact chip card reader attached to the iPhone and the terminal software runs on the iPhone OS.