Mobile phone reading data from a watch!

Due to an NFC project I am currently involved in, I have an iCarte dongle from WDI. Luckily, I also happen to have a Mifare watch from LAKS from a previous project.

I was browsing the AppStore and found this great app, iCarte Reader by which you can read and write mifare chips over an iPhone with an iCarte dongle. Since I already have a cool mifare gadget, my LAKS watch, I began to impress my friends by using my iPhone to read and write data to my watch!

This is a true contactless show case for me; my phone and watch exchanging data over the contactless interface. How cool is that!

Foursquare experimenting NFC

The most popular location based mobile platform Foursquare announced that they are experimenting with NFC with NFC Android phones on Google I/O. People with the latest Android Foursquare application will be able to check in Google’s event if they have an an Android device with NFC chip.

The photo is quite self explanatory. I personally think that this is the great use case for non-payment NFC applications. However as the post also mentions, there is still a long way to go.

Mifare emulation

Mifare is definitely the most used contactless chip in the world. I’ve already covered main topics on Mifare on my previous posts. You can find it everywhere; it has been used billions of times, hacked, cloned and it is still the most popular chip in the world.

If any software product has this much of popularity in its class, the need for running it on different platforms is a must. That is what NXP did years ago. Now almost all dual interface chips -including SIM cards- have the option for running mifare as an emulation.

What is mifare emulation? Mifare emulation is actually an application running on the chip operating system. It emulates the mifare classic operating system by providing the exact same hardware and software functionality. Once it has been installed, it responds exactly like a native mifare chip to the readers transmitting mifare commands. Dual interface chips have the contact interface and mifare emulation automatically utilizes this interface. This brings the ability to personalize the mifare emulation applet over the contact interface, which is simply impossible on a native mifare chip.

It is of course very useful to have the mifare functionality on other platforms, but it has some drawbacks as well:

  • First, it has the exact same security problem with the native mifare. But this is something you must have considered while using mifare classic, so it can be skipped.
  • Mifare emulation applet is generally slower than native mifare chip while responding the mifare commands. You need to consider this if you must use native mifare chips and mifare emulation at the same time.
  • You may have to re-configure the readers if they are set to work only with native mifare classic chips.

Another tip is that some vendor’s implementation does not allow to read the Mifare UID from contact interface. This is a great barrier for personalization where you will need the UID for key diversification.

Mifare emulation applets provide an API for accessing the mifare blocks over the contact interface during run time. This way, you get the chance to update the data stored in the mifare blocks during another contact transaction.

DesFire has also been implemented as an emulation and Mifare Plus is also announced to be released next in 2011/2012.

NFC : What is it and what is not?

Since NFC related news are all around the blogosphere, (and partly in mainstream media) I would like to make some clearance on the subject.

First; what is NFC? NFC simply stands for Near Field Communications. It is a set of standards for communication over existing contactless interface based on 13.56 MHz. It is an evolutionary approach -rather than revolutionary- to contactless space. Unlike to popular belief around finance sector, it is not all about processing contactless transactions with a mobile cell phone. And unlike the popular belief around mobile developers, it is not a replacement technology over bluetooth.

NFC defines the communication standards and defines the tags specification to read and write over the contactless interface.

NFC is developed and regulated by NFC Forum, which was originally founded by Sony and NXP. Now it has many members like Microsoft, MasterCard, NEC, Renesas, Visa, Nokia, NTT-Docomo, Inside Secure, Innovision and ST. The common point of these companies are that they are mainly hardware and software companies along with service provider giants. That basically means NFC standards are developed by companies who will actually use it.

NFC chips (controllers) are generally manufactured by semiconductor companies. And other hardware companies built products using these NFC controllers. Inside Secure and NXP are the two biggest companies -that I know of- manufacturing NFC controllers. The hardware manufacturer also develops the software API which is used by the operating system of the final product for accessing the hardware resources of the NFC controller.

For example; this is what happens while using the latest Android apps which transfer files over the NFC interface:

The NFC controller embedded in the Nexus S has been integrated into the handset by the manufacturer, Samsung. Samsung also integrates the operating system that is running on top of the handset hardware and manages the basic input/output of the hardware resources for the apps running on the operating system. Underlying this, there is the NFC controller manufactured by NXP. NXP also develops the software API required to use the hardware by the Android operating system. Android creates the abstraction layer for the NFC controller so that other hardware manufacturers can also provide NFC chips by complying this API.

When people talk about making payments by their NFC compatible handset, that means they are using the contactless payment application (generally by Visa or MasterCard) running on the secure element. (the SIM card) The contactless reader communicates with the payment application via the antenna attached to the handset through the NFC controller. So NFC controller here provides the contactless communication to the payment application. The user interface to access the payment application may be in two ways; via the STK or via the operating system of the handset. STK is platform independent, but the other method is hardly linked to the mobile platform.

NFC has 3 modes:

  • Reader mode : In this mode, you can read & write any contactless chip based on ISO 14443. That is good for converting an NFC device into a contactless reader or POS terminal.
  • Card emulation mode : In this mode, application using the NFC interface acts exactly same as a contactless chip. Payment applications of Visa & MasterCard or transport ticketing applications use this mode.
  • Peer to peer mode : This is for exchanging data between two NFC devices like bluetooth, but not necessarily these devices have to be mobile phones.

So, NFC is actually name of the standard, rather than being a product or a technology. The applications/services developed over NFC is up to the developer and its commercial targets.

NFC : Hottest trend in many ways

We have seen terrific progress in the NFC world throughout the end of 2010. Here are some highlights:

  • Google released the NFC API for Android with some sample code and NFC applications immediately began to roll out. Here is a good application for exchanging a file between two Android phones via NFC. It simply replaces bluetooth interface. NFC World also posted an article on the first Android NFC apps.
  • Apple has been playing around the NFC for some time and now it seems that Apple will be joining the game -but of course with its own rules. This is another mind opening post on the subject.
  • NFC Forum released a white paper on the use of NFC in Public Transport. This has been another step for setting the boundaries of the path to a contactless future in the public transport, which is quite complicated.
  • Latest contactless iPhone payment application was announced by Yapi Kredi Bank and Turkcell – a joint project by a bank and a mobile network operator. (Available only in Turkish) It is already a commercial product and pre-registration is open for iPhone 3 and 4 owners who already have a Yapi Kredi World Credit Card and a Turkcell SIM card.

It seems that NFC will be one of the hottest topics in 2011 around the smart phone world, public transportation, mobile payments and location based projects.

Turkey’s first mobile payment application from ​​​​​​​​Garanti Bank & Avea​​​​​​​​​​​​​​​​​​​​

Garanti Bank and Avea announced the mobile payment application at Cartes 2010 and now it is commercially available in Turkey. It is basically an antenna attached to the SIM card on which there is the PayPass application resides.

The SIM card used is the Gemalto’s N-Flex product. Garanti Bank provides the payment application(s) -there more than one, the default one is a pre-paid application, while Avea is the mobile network operator. The SIM comes with a MasterCard pre-paid application, but you are free to apply to more credit cards once you have the SIM activated. The STK menu allows the user to access the applications for activating and deactivating. You can apply for a pay-as-you-go or a post paid SIM. Post paid costs 40 TL (~20 EUR) and the pre-paid one costs 20 TL (~10 EUR)

It’s a smart move from Garanti Bank, which is clearly the market leader on the contactless space in the Turkish market. The pre-installed MasterCard pre-paid application on the SIM is also a nice touch since you do not have to go through the credit card application process. It’s sold through Ave’s distribution network since you have to activate the SIM first. The product is also backed with a bonus balance of 25 TL (~12 EUR) and 100 minutes air time if you apply before the new year. There is a nice video explaining the product to end users on the product’s official web site here. (Only in Turkish)

Another product announcement at Cartes was from Bank Asya, which is almost the same service but specific to mifare based Turkish Toll Payment system for highways.

With the add-on features and the successful start-up campaign, I personally find the product highly innovative based on the current hardware and software available in the market. As a wish, I am hoping these products to build the user acceptance of the mobile payments and make the bridge between the antenna chip to SWP chips.

Nexus S

Google announced the first mainstream Android based NFC handset, Nexus S. Unlike the first Nexus, it is not an HTC device but basically a derivative product of the Samsung Galaxy S family. Even though it has its shortages, this is a huge step for the NFC era.

According to the official information, Nexus S has NXP’s PN544 NFC Controller which is compliant with SWP. That means the handset is compliant with the latest trend in the NFC world which is handing over the power to MNO and/or banks on the secure element. However, sadly, current software stack does not support access to the secure element -the SIM. This means you that can only read/write NFC tags. NFC feature can be enabled/disabled through Android settings, just like the bluetooth radio.

It will not be usable for the big ongoing pilot projects that mainly utilizes the NFC chips as a payment/ticketing media. (Unless new features will be available later on) It can only be used for reading NFC tags which will basically forward the browser to a certain URL or for reading data from a poster, etc. Or for checking in to places or venues via the handset. There is also a big opportunity to use the handset as a coupon media which is a popular business in the US -but not in Europe.

These features make me think that this is an initial device for testing the technology for non-financial projects. The popularity of the applications/projects will lead to more devices with more functionality. It is a big step for the NFC world because now an open mobile platform officially has the support for the NFC functionality and the first handset is already commercially available.

NXP and Gemalto sign licensing agreement for adding Mifare to UICC

Today, Gemalto announced that Gemalto and NXP signed a licensing agreement for adding Mifare to Gemalto’s SIM products.

Gemalto is clearly the global market leader in providing banking smart cards. What else? Gemalto also has an OTA platform for mobile network operators. Gemalto is a member of Open Handset Alliance -the organization behind Android, which officialy announced the NFC support very short time ago. They even acquired the Mifare4Mobile team from NXP two years ago. Well, putting them all together, we can say that they have “the whole package” for an NFC ecosystem.

Without a doubt, transport ticketing is the killer application for NFC and Mifare is the strongest player for hosting the transport ticketing applications. All the mifare classic hacks couldn’t change this. NXP announced that 4 byte UIDs reached the end and they will start non-unique 4 byte UIDs or 7 byte UIDs for Mifare Classic.

So adding a mifare emulation applet on top of Gemalto’s current product range means only one thing; mifare based ticketing systems have a clear path for an NFC project. Gemalto can provide an end-to-end solution for transport operators, regulatory authorities, or even to banks for running a mifare based application via mobile phones.

Again; the only missing part is still the lack of handsets with NFC support!

Android jumps on the NFC bandwagon

As many of the authorities agree, Android is the most promising mobile platform. It is now the second after Symbian (bypassing iOS) and it is on the rise to the top. NFC support for Android was already under development and it was rumoured that the latest Android version 2.3 Gingerbread will officially support NFC. This was confirmed at the Web 2.0 Summit during the discussion session with Eric Schmidt, the CEO of Google with Tim O’Reilly and John Batelle.

He even demonstrated an NFC tag reading application that opened the location of the tag on Google Map. The full session can be watched on Youtube here.

After Nokia and Apple’s patents and applications on NFC, now Android has committed in to the NFC space. In general, banks and telco operators have already had many pilot programs and now the picture is almost complete with one little actor missing: the device manufacturers! Unfortunately there are too little number of handsets with NFC support.

Anyway, let’s look at the bright side. Now that all major mobile platforms officially support NFC, application developers can have a wider range of users. Mobile application markets have already solved the distribution problems, now the it is time for the -hopefully- gold rush!

Here are an idea of an NFC project other than obvious payment and ticketing applications:

Imagine check ins with Foursquare over the NFC tags attached to the cashier desks of the venues with NFC supported handsets. These tags (not necessarily just tags) can offer discounts based on the check ins for a specific time frame. Or even based on a pattern like buying gas from a certain network and then buying food from a certain supermarket chain. It can even trigger a payment application residing next to the coupon application.

The only question remains here is when?

Mobile contactless payment white paper from EPC and GSMA

With the release of Mobile Contactless Payments Service Management Roles Requirements and Specifications white paper prepared by EPC and GSMA, I think I have now the responses of my post on practical barriers of NFC.

EPC is the decision making and coordinating body of banks regarding payment for EU region. The main reason of EPC’s existence is to develop and maintain the SEPA (Single Euro Payments Area) and I believe they made a good job so far. And GSMA represents the interests of the worldwide mobile communications industry in 219 countries with nearly 800 mobile operators and 200 more companies within the ecosystem of mobile networks.

So, the co-operation of these two organizations on mobile contactless payments definitely filled a gap in the NFC related mobile contactless payments space. Now banks and mobile network operators have a reference document defining the commercial relations, technical roles, operational workflows and most importantly a single user experience approach for the customer. Although I am still not sure how much binding will this document be for the banks and mobile network operators but it will definitely help new projects.

The main highlights of the document are;

  • Setting the definitions of all context
  • Defining clear explanations of the roles
  • Defining the lifecycle management of the mobile contactless payment application
  • Examples of various scenarios of mobile contactless payment implementations between banks, TSMs and mobile network operators.
The below figure is an extract from the document which I believe is the heart of the document defining the lifecycle starting from the application to termination of the service.
I think anyone interested in the subject must read the paper which can be download from here.