The NFC medium is a microSD card which is plugged into a so called iCaisse from device fidelity. The iCaisse communicates through the accessory port with the iPhone to exchange information as such as the unlock command as well as transaction information.

Device Fidelity is cooperating with MasterCard in the US. At Moneto.me the iCaisse with a micro SDCard comes for USD 79,95 including USD 10,00 paypass credit. When integrating the micro SDCard into other devices such as Android devices, a so-called “booster” sticker is required (due to the very small magnetic field of a NFC enabled microSD card). The installation process of such a sticker is shown in the following video:

In the beginning hobex — Raiffeisens own acquirer — will be the only company accepting both types of payments (vpay and cardis). Gerald Kubu, head of card services, claims that there are plans to cooperate with other acquirers. The service provider for processing is SIX Card Solutions. Currently only FirstData has installed some Vivotech NFC readers at Zielpunkt in Vienna and Schlecker. Hobex Verifone readers have only be spottet in the cantina of Raiffeissen. From a devices point of view, Raiffeisen currently is focusing on iOS devices. Android, Blackberry or Windows Mobile Phones will not be supported in the beginning.

The rollout is planned to start on April 1st 2012.

Press Release Raiffeisen

Press Release SIX Card

In Turkey there are already lots of acceptances points for MasterCard paypass, thus more and more bank also allow customers to put their payment application onto the UICC of the mobile network operator. The TSM infrastructure for Turkcell is provided by SmartSoft.

The following video shows two payment process with NFC:

Note that the reader in the first case is mounted very low and it is not clear for the customer whether the payment was successful or not (2:49). In this case a Vivotech reader is used.

In the second case there are 4 (four!) different payment terminals on the counter for accepting different card payments (4:00). During the second process the phone covers the whole terminal display and LEDs and thus the user cannot see whether the payment was successful or not. Only the “beep” tell the user that something has happened.

In the third case different payment stickers are shown (5:00). All the information such as creditcard number, CVC and date are fully visible! The Stickers are issued by Badenwürthenbergische Bank and processed by ATOS. Just help yourself and try online: https://www.kreditkartenbanking.de/bwbank/. Maybe it is not a good idea to put all the sensitive information on a sticker …

For a user experience point of view there is still a lot of work to do.

The card itself will not provide customer information to the merchant. The payment schema explicitly was designed for fast payments with out PIN or a signature. Therefore the amount to be paid is limited to 20 EUR. This is similar to the credit card products PayWave (Visa) and PayPass (MasterCard).

Heise.de

On the other side the LBB (Federal Bank of Berlin) is the frist Visa PayWave Issuer in German.

What can you do?

As a developer you won’t have the keys to the embedded secure element. Therefore you cannot load, delete or modify applications in the secure element (so called applets). According to Google, First Data holds these keys securely. But in the code of Google Wallet there as two AIDs of applets given.

At first there is the card Manager A000000003000000 and secondly the AID of the wallet itself: A000000476201000. You can try selecting them and get some data of the wallet applet using 80CA9F7F00 or 80CA004200.

OTA Management included

Google’s Wallet also includes the OTA Management client acting as the proxy application between the embedded secure element as well as the backend system. The wallet contains URLs such as “https://oma.skcctsm.com/mcp/was/dynamic/url” or
“https://uat.skcctsm.com/mcp/was/dynamic/url” which indicate that the TSM Service of SK C&C is contacted. Also the email-address gtec.skcc@gmail.com is used for Google’s Cloud to Device Messaging (C2DM).

During startup of the wallet, the server is contacted and the log output looks the following (x-ed out the TID, the IMEI and the Device ID). It seems that this information is sent to the backend server.

E/TelephonyManager(  556): Original: com.google.android.apps.walletnfcrel, new:
com.google.android.apps.walletnfcrel
D/OTA     (  556): PseudoIMEI = xxxxxxxxxxxxxxxxxxxxx
D/OTA     (  556): deviceID = xxxxxxxxxxxxxxxxxxxxx
D/OTA     (  556): MSISDN =
D/OTA     (  556): RADIO TYPE = GSM
D/OTA     (  556): MNO =
D/OTA     (  556): intentAction = com.skcc.gtec.otaproxy.SCREEN_UNLOCK
D/OTA     (  556): onStartCommand act = StoreRegID
D/OTA     (  556): onStartCommand serviceID = null
D/OTA     (  556): onStartCommand tid = xxxxxxxxxxxxxxxxxxxxx
D/OTA     (  556): onStartCommand instance_seq = null
D/OTA     (  556): onStartCommand mode = pull
D/OTA     (  556): onStartCommand appletAID = null
D/OTA     (  556): onStartCommand instanceAID = null
D/OTA     (  556): onStartCommand appletVersion = null
D/OTA     (  556): getIsConnect netFlag = false
D/OTA     (  556): act = StoreRegID

A detail security analysis by viaForensic can be found here.

MNOs, the SIM and SEEK

Currently Google Wallet is only available to customers of Sprint. What’s important here is, that Sprint runs a CDMA network, where no SIM card is required. So the only secure element in the device is the embedded secure element from Google. To say it the other way around: Sprint needs the embedded secure element of Google for NFC payments. Therefore Google did a good deal to enter the market, as the other MNOs — such as Verizone — want the SIM card be the secure element (the only!) in the device.

Yet there is no API in the devices for accessing the SIM cards. Additionally also a secure layer is needed in order to manage the access to the applets on the UICC and/or the embedded secure element. The GSMA and the SIMAlliance already agreed on a method (which was proposed by Gemalto). This method is already implemented in the most current version of SEEK, which can be directly integrated into Android.

NFC enabled Android devices without an embedded secure element can be manufactured with a PN544 (without embedded secure element, only SWP support) instead of the PN65n. This is possible as both chips have the identical PINs. There are already models of the Samsung Galaxy S II without embedded secure element.

At the point of sale, Terminals from Point AB are used. Point AB is the largest acquirer in northern Europe and was acquired by Verifone in November 2011.

• Card Emulation Mode
• Reader Writer Mode
• Peer-2-Peer Mode

Reader Writer Mode is already available in Android since the first Gingerbread release in December 2010. Card Emulation Mode, which is actually required for Google Wallet, is not yet available for public. Peer-2-Peer Mode as defined in ISO 18092 is now finding its way into Android devices, also known as “Android Beam”.

Developer that are used to Peer-2-Peer communication from other platforms like J2me (using the JSR257), we be confronted with a different software architecture for this feature. On Android there is nothing like a Target or an Initiator Mode – at least not for the developer. Under to hood, you will find the classes like P2pInitiator.java or P2pTarget.java which are part of the package /frameworks/base/core/jav/com/android/internal/nfc. Also the P2p protocol which is called LLCP (Logical Link Layer Protocol) is not accessible to the developer. And of course the NDEF and RTD implementation is part of the core operating system. The base classes can be found in
/framework/base/core/java/android/nfc. (Browsing the Android Code/GIT repo is not possible anymore so please check out the repo and have a look at the source offline). NFC P2P sending and receiving should be as easy as possible for a developer and is available since API level 14 (since 4.0, Ice Cream Sandwich).

Receiving an NDEF Message (= P2p Target Mode)

In order to receive an NDEF through a NFC P2p connection, the activity has to listen to an Intent, which his defined in the AndroidManifest.xml. The according part looks like the following:

<intent-filter>
  <action android:name="android.nfc.action.NDEF_DISCOVERED" />
  <category android:name="android.intent.category.DEFAULT" />
  <data android:mimeType="application/com.example.android.beam" />
</intent-filter>

In order to process the NDEF Message in your application, you need to handle the incomming Intent in the onNewIntent() method.

Sending an NDEF Message (= P2p Initiator Mode)

For sending an NDEF Messages, your Activity needs to implement to Interfaces:

NfcAdapter.CreateNdefMessageCallback.createNdefMessage(NfcEvent event)
NfcAdapter.OnNdefPushCompleteCallbackon.NdefPushComplete(NfcEvent event)

CreateNdefMessageCallBack causes a Callback to be invoked when another NFC device capable of NDEF push (Android Beam) is within range. Using setNdefPushMessageCallback() you can instantly create an NdefMessage at the moment that another device is within range for NFC and push it over (pushing is done automatically). Using this callback allows you to create a message with data that might vary based on the content currently visible to the user. Alternatively, you can call setNdefPushMessage() if the NdefMessage always contains the same data.

OnNdefPushCompleteCallbackon causes a Callback as soon as sending of the NDEF Message is completed. You should implement this method in order to let the user know, when the transfer is complete and thus the user can put his NFC device away.

In order to receive the Callback, you have to register them, which usually is done in the onCreate() method.

// Register callback to set NDEF message
mNfcAdapter.setNdefPushMessageCallback(this, this);
// Register callback to listen for message-sent success
mNfcAdapter.setOnNdefPushCompleteCallback(this, this);

If you want to make sure, that on the target devices, the correct application is triggered to process the NDEF record, you can set the Android Application Record (AAR).The AAR overrides the tag dispatch system. You can add it back in to guarantee that this activity starts when receiving a beamed message. For now, this code uses the tag dispatch system. Using the AAR can be done adding the following NDEF Record to the NDEF Message:

NdefRecord.createApplicationRecord("com.example.android.beam")

With this know-how and the example code from Google it should be easy for you to develop your own P2P Application using Android Beam.

Package Summary

TagViewer of NFC Demo to read NDEF Tags

Beam Demo for Sending (pushing) and receiving NDEF Messages

There are two alternatives:

First of all there is the possibility to implement a DESFire-like Java-Card applet. As both Java Card as well as DESFire fully support ISO 14443-4, for a technical point its is an option. The Java Card applet in such a case will interpret the ISO commands for the reader in a way the hardware of the DESFire Chip would do. As the implementation in this case is in software and not hardware, the transaction speed will suffer. Depending on the quality of implementation as well as the Java Card chip used, these performance issues can be eliminated partly.

The other option, is to switch to an open standard: OSPT (Open Standard for Public Transport). This Industry consortium is driven by the major smartcard chip manufacturers and developers such as Samsung, Infineon or G&D. They want to provide a royalty free, open and secure product with can be used in public transport acting as a competitor to Mifare DESFIre. Singapore’s Land Transport Authority (LTA) is the first to agree to adopt the new standard called “Cipurse”. Cipurse will also be interoperable with the contactless ticking system in France – Calypso.

BAWAG/PSK on iTunes

Easybank on iTunes

RTA also provides the services for registered card holders (blue NOL Card) to top up the card online. When checking in the next time at a gate, the card will be recharged automatically. According to khaleejtimes.com the NOL Cards also have the auto top-up feature we already know from OysterCard soon. RTA also plans a combo NOL card featuring a credit/debit card. Although these products were announced for Q4/2011, they are not yet available.

Moving to NFC enabled handsets might be tricky for RTA. Due to the fact, that NXP charges a license fee for DESFire, the integration of DESFire technology into SIM Cards or embedded secure elements is less attractive. But there is also the option to emulate a DESFire Card using a Java Card applet running on the UICC. Maybe we will see the first NFC handsets with NOL cards in 2012. (Details)

The key usually stays in the car, but to start the car an individual PIN code is required to authenticate the customer. The PIN is entered on the on Board Unit of the car. Then the customer can immediately use the car to go from one place to another within the city of Vienna (roughly 80 km2). There is sign up fee of 9,90 EUR. Using the car costs 0,29 EUR per Minute or 12,90 EUR per hour.

The onboard unit in the cars is provided by Magnet Marelli a company focusing on the production of hi-tech systems and components for the automotive sector.

The readers in the shop are made by Tagnology an Austrian RFID Company based in Styria.