SIM Vendors Promote ‘Open API’ for NFC Phones; Google Not Yet Onboard
NFC phone software from SIM vendor group the SIMalliance that helps phone app developers tie into the secure elements on NFC phones is getting strong support from mobile operators but not from Google, at least not yet.
The SIMalliance, which just released a second version of its “Open Mobile API,” said some handset makers have already incorporated the API, which it calls a “de facto standard” for NFC phones.
The application-programming interface has the endorsement of the GSM Association, the trade group representing most mobile operators worldwide. The GSMA sees the API as a standardized way for developers to access payment or other secure applications on SIM cards as they build apps that could run in NFC mobile wallets on Android phones.
It remains to be seen whether the Open Mobile API favors the SIM as the de facto secure element in NFC phones.
The SIMalliance, which represents such large SIM card suppliers as Gemalto, Oberthur Technologies and Giesecke & Devrient, says it doesn’t. The API offers a common way for developers to connect their phone apps not only to SIMs but to other secure elements, such as embedded chips and microSD cards, said the group. And it works not just for Android but for other mobile operating systems, as well, it said.
The API also could bring more app developers into the NFC ecosystem by giving them a more straightforward way to build the user interface apps for payment, corporate ID, transit ticketing and other secure applications that run on secure elements, said SIMalliance chairman Frédéric Vasnier, a senior vice president at Gemalto.
“We are proposing an automatic sewing machine to someone who doesn’t know how to sew,” he told NFC Times. “You don’t have to be a specialist in SIM or in microSD or in (the) embedded secure element when you are a developer.”
Of course, not just any developer of apps in the Android Market or other app stores would be able to build apps that connect to the secure elements in NFC phones.
They would have to get the signing keys to access the secure chips from the owner of the secure elements, which would be the mobile operator for SIMs, and usually the handset maker or telco for embedded secure elements. They might also be able to get permission to access the secure element from a service provider, such as a bank.
These are the apps that run on the handset and tie into corresponding applications on SIMs or other secure elements, such as payment applications supporting MasterCard PayPass. The applications on secure elements are built by an even more specialized group of developers, usually from smart card companies.
Without the SIMalliance's API, the handset app developers, even with the necessary signing keys, need to “re-engineer” apps for each NFC model and each operating system, said the vendor group.
Among handset makers that have incorporated the Open Mobile API is Samsung Electronics for its Galaxy S II. The GSMA included the API in the second version of its NFC Handset APIs and Requirements document, which it encourages mobile operators to use when they order NFC phones.
“I don’t know of any MNO (mobile network operator) who is not requesting it (API),” Vasnier said.
Google and RIM Not Yet Onboard
But the backers of the SIMalliance API do not apparently include Google or Research In Motion, yet. Neither Google’s Android operating system nor RIM’s BlackBerry OS 7 platform incorporates the API.
Without being part of the platforms, mobile operators have to specify the API for each NFC model they order.
Google already has an API to access secure elements in its Gingerbread and more recent updates to its Android operating system, which support NFC. But it does not publish the API. And Google keeps even tighter control over the API to develop secure Google Wallet apps that run on its own Nexus S 4G. This is the only phone model so far that supports the Google Wallet.
“For security reasons, we do not plan to publish APIs to control the secure element in the Nexus S,” a Google spokesman told NFC Times. “However, Google Wallet is an open commerce ecosystem, and we will work with any bank, carrier, network, to include them in Google Wallet.”
The API for accessing the secure elements in Android phones is not published in general, not only for Google’s own Android phones, said Michael Roland, a researcher for the NFC Research Lab, Hagenberg. But he doesn’t find that surprising, since only a small subset of all app developers would be called upon to develop apps tied to secure elements.
“For the moment, I expect that Google will try to keep access to the secure element closed (unpublished),” he told NFC Times. “There are simply too many unresolved problems and difficulties if every developer has access to this API.”
Among those potential problems are security concerns.
Update: Germany-based Stollmann, an NFC middleware provider that led an unsuccessful effort late last year for adoption of an open NFC API for Android phones, said incorporating the SIMalliance's Open Mobile API into Android is ultimately Google's decision.
“I don’t think Google is blocking anything specifically,” Christian Andresen, head of NFC at Stollmann, told NFC Times. “Maybe they are not activley supporting the approach.” He added that Google's interest in NFC for the Android platform goes beyond smartphones: “Google has a bigger picture for NFC usage across various devices, which is not SIM-centric. They have to support more than one initiative.” End update.
But the GSM Association doesn’t like the fact that Google declines to publish an API for developers to access secure elements in Android NFC phones its members might buy. That is unlike, for example, feature phones that run Java software and use the freely available JSR 177 API to access secure elements, it says.
The association, in its NFC handset requirement specifications, said it expects Android to eventually get a (published) API for accessing secure elements and urged the keepers of Android, which would be Google, to adopt the Open Mobile API.
SIMalliance’s Vasnier said he doesn’t know why neither Google nor RIM have yet to adopt the group’s API, though he suggested it might relate to when the API became available. The SIMalliance introduced the first version of the API in April.
He doesn’t expect Google to use the vendor group’s API for its own NFC phones, however.
“Google for its own Google Wallet has its own proprietary APIs that they do not disclose to developers, and they are implementing that in their Nexus devices,” he said.
API Favors SIMs?
Of course, large mobile operators have their own plans for rolling out NFC mobile wallets, based on the SIM cards they issue, and they see Google as a competitor.
In its NFC handset APIs and requirements, the GSMA mandates that in NFC phones supporting multiple secure elements, such as SIMs and embedded chips, the SIMs should be the default secure elements. And the GSMA specs also include an option for operators to require that devices support the SIM to the exclusion of all other secure elements. Telcos could include these requirements in their tender documents to handset makers.
The SIMalliance’s Vasnier acknowledges that the Open Mobile API could support the requirement that the SIM become the default secure element in NFC phones with multiple secure chips.
But he contends the API does not favor SIM cards over other secure chips in NFC phones.
“The API is just offering the same type of access, whatever the secure element: SIM, embedded secure element, microSD,” he said.