NFC TimesThe premier source for news, analysis and commentary on
Near Field Communication and all contactless technology

Taking aim at NXP Semiconductors and its dominant Mifare technology, four smart card industry suppliers have announced plans to introduce what they call an “open standard” for contactless transit-ticketing applications on cards and NFC phones.

The move could shake up the market for contactless transit ticketing, which saw shipments of an estimated 200 million cards in 2009, according to smart card trade group Eurosmart. NXP estimates about 75% of transit cards shipped worldwide support its Mifare platform and more than 650 cities run Mifare-based transit cards.

“The market needs a competitive offering,” Tilo Pannenbaecker, vice president and general manager for personal and object ID at Germany-based chip maker Infineon Technologies, told NFC Times. “The market needs multiple suppliers. What we are targeting are not two or three suppliers. We clearly invite more to join.”

France-based chip supplier Inside Contactless, along with the second and third largest smart card suppliers, respectively, Oberther Technologies of France and Giesecke & Devrient of Germany, joined Infineon in announcing the initiative Jan. 26.

Infineon, which itself supplies low-end chips supporting Mifare but is locked out of the market for higher-end Mifare chips, developed a new transit chip authentication scheme that underpins the planned offer by the vendors. They plan to have chips, cards and other applications supporting it on the market by early next year.

Infineon worked on the technology for more than two years, said a source. It developed a proprietary security protocol that would authenticate cards or other devices, such as NFC phones, that transit riders would tap on readers to pay fares at metro gates and onboard buses, trams and other modes of transport. The open Advanced Encryption Standard, or AES, with a 128-bit encryption key, would support the proprietary authentication scheme.

Infineon said that in contrast to NXP’s more restrictive licensing policy for Mifare, it would license its new technology on a "fair and reasonable" basis to other chip and card vendors, charging them low royalties on shipments, in order to build market share. It pledged to hand over the technology to an independent body in three to five years.

The 128-bit key length is well above the 48-bit key used on most Mifare cards in circulation today. Those low-cost cards, Mifare Classic, suffered some well-publicized attacks in 2008 by hackers demonstrating they could clone cards, including those used by Transport for London and Dutch transport operators. The cards and the proprietary Crypto1 encryption scheme they use had earlier been hacked and cloned in China.

NXP: New Scheme is a ‘Strong Endorsement’ of Mifare
NXP is quick to point out that it now has a successor available to the technology behind the 15-year-old Mifare Classic cards, called Mifare Plus, which also uses AES with 128-bit keys. And since 2002 it has offered a higher-cost and more secure card, Mifare DESFire. It later added AES security to DESFire. Even with Mifare Classic, security measures on the back-end of fare-collection systems have protected transit operators from losses, NXP points out.

NXP declined a request for an interview, instead issuing a statement to NFC Times about the rival contactless fare-collection chip technology:

“We understand this competitive offering in the market for contactless public transport ticketing as a strong endorsement of our current product portfolio. We see that the companies are planning to provide an IC concept closely following the specification of NXP products, which have been shipped in volumes for many years now.”

The chip maker added that the German Federal Office for Information Security has certified its Mifare DESFire and Mifare Plus products for security.

Vendor: Mifare ‘Monopoly’ Hurts the Industry
But vendors involved in the new fare-collection “standard” make it clear they plan to try to exploit the fact of the Mifare hacks as well as NXP’s dominant market position and what they contend is the chip maker’s too-restrictive licensing policy.

“NXP has historically been dragging their feet regarding innovation due to their monopoly position, knowingly making further Mifare deployments when the crack of Crypto1 was imminent,” Charles Walton, executive vice president and chief marketing officer for Inside Contactless told NFC Times. “There is no NXP incentive going forward to work towards open standards or to innovate while they try to defend a high-market share position.”

Walton said Inside requested a Mifare license on “multiple occasions” between 2007 and 2009, but NXP turned it down each time.

“It is clear that NXP is closed to the idea of opening up Mifare,” he said, charging that NXP denied the license to keep Inside from supporting Mifare in its Near Field Communication chips and other products that compete directly with NXP’s. “NXP is intending to protect their position in the transit-fare market and extend it to NFC implementations in the future–propagating a cycle of proprietary, closed, non-innovative solutions into this new market.”

Infineon declined to say if it was also turned down for a license to ship chips supporting Mifare DESFire or Mifare Plus, but that seems likely. At present, it produces Mifare Classic-compatible chips royalty-free under a grandfather arrangement in the old licensing agreement between Mifare creator Mikron and Siemens group, from which Infineon was spun off in 1999. NXP, then known as Philips Semiconductors, acquired Mikron in 1998. As with other chip vendors, NXP will probably not grant Infineon a license to produce Mifare DESFire or Mifare Plus chips for standalone transit cards.

If Infineon cannot produce the more secure Mifare cards, it stands to lose significant business. Sources say Infineon supplies Mifare chips for cards used by Transport for London for its Oyster fare-collection scheme, one of the largest contactless programs. But Transport for London has decided to upgrade to Mifare DESFire for Oyster cards.

NXP declined to comment on the Inside and Infineon licensing issues, but said in a statement that it started a Mifare-licensing program in 2008 “to ensure adequate supply of Mifare-based products.”

Major chip makers Renesas Technology and STMicroelectronics have licensed the technology. It allows them to produce chips supporting all Mifare products, but not for standalone transit cards. They can supply chips only for Mifare applications on SIM cards or other secure elements in NFC phones or alongside open-loop payment applications on dual-interface bank-issued cards.

Gemalto, the world’s largest smart card vendor, also has a Mifare DESFire license, which would help it supply Mifare-based SIM cards or other secure elements for NFC phones. Neither Oberthur nor G&D have such a similar license, NFC Times has learned, which could put them at a disadvantage to Gemalto if customers, such as transit operators, want to put higher-end Mifare applications on NFC phones. Oberthur and G&D would only be able to offer cards, but likely only those using chips from Renesas or ST. Gemalto could use chips from a range of suppliers.

All three Mifare licensees, Renesas, ST and Gemalto, declined requests to join the new vendor group, NFC Times has learned.

Infineon’s Pannenbaecker confirmed his group invited other large smart card industry suppliers and transit fare-collection systems integrators to join, though declined to mention names. When contacted, Gemalto declined to comment on why it did not lend its name to the launch of the new scheme and would not say whether it plans to license and buy chips for transit cards complying with the scheme in the future. ST also declined comment.

The new initiative also lacks the endorsement of an automated-fare collection systems integrator, such as U.S.-based Cubic Transportation Systems, integrator for the Oyster system, among many others. Support from systems integrators could be crucial for any new transit card technology, since these companies often choose the fare cards for the transit operators and ensure interoperability with readers and the rest of the system, said fare-collection expert Gary Yamamura of U.S.-based Three Point Consulting.

“Today’s fare-collection systems are complex beasts with massive amounts of hardware and software components,” he told NFC Times. The success of the standard in the U.S. and abroad will also be determined by the willingness of the leading integrators to adopt it or their customers to mandate it.”

No Mifare Hue and Cry
He added that he has not heard of any broad discontentment among transit agencies with Mifare, even Mifare Classic, except in places where hacks were publicized.

Transit operators have been content to continue to buy the cheap Mifare Classic cards, despite the security risks, say observers.

Only a relatively small number of transit operators have upgraded to DESFire, and Mifare Plus has only been available for a short time. The card alternatives to Classic–besides more expensive DESFire and Plus–are transit cards supporting the Calypso application and security scheme or the strictly proprietary FeliCa technology from Japan’s Sony Corp. There are also some transit cards following national standards. All are generally costlier than Mifare Classic, especially FeliCa.

Calypso, used mainly in France, and Italy, along with some other cities in Europe and the Americas, has not taken off globally as hoped by backers. FeliCa is limited mainly to Japan, along with Hong Kong, where it is used in the pioneering Octopus scheme.

FeliCa cards do not comply with the ISO/IEC 14443 contactless standard. This standard controls the lower-level communication, not higher-level security layers. Calypso complies with the type B option of the 14443 standard, while Mifare supports type A.

In any case, a move to cards using a different security standard could be prohibitively expensive for transit agencies not because of the cards but the need to change most of the rest of the fare-collection infrastructure, including terminals. The new transit security scheme led by Infineon will likely follow type A, and the vendor said that this could enable transit operators to switch from Mifare to the new scheme without necessarily replacing all terminals and readers. They contend an upgrade from Classic to higher-end Mifare could be just as costly.

Chris Shoukry, the first director of London’s Oyster program, who left in 2001 before the fare-collection system launched, said she welcomed the Mifare alternative. She is now a consultant with United Kingdom-based Alco Group.

“It’s a step in the right direction,” she said. “Anything that can release the stranglehold that NXP has got has got to be good. (But) it’s not the whole answer.”

She agreed with Yamamura: The problem is that the chip card is only a part of a much larger fare-collection system. Even if Infineon and the other suppliers were to achieve their stated goal of an “open standard,” systems integrators need not follow it. And the integrators often put their “little proprietary hooks” in contactless card readers or other parts of the system to keep transit operators dependent on them, said Shoukry.

Standards Body? What Standards Body?
There are no global standards bodies that could encourage such interoperability between cards and readers as there are for, say, EMV bank-payment cards. These are standardized by UK-based EMVCo, which is owned by the major payment-card brands.

While some industry observers believe many transit riders will one day use their contactless bank cards to directly pay fares, there will still be a need for closed-loop transit-fare payment systems. And backers of the new transit-card “standard” acknowledge the lack of a standards body is a problem.

Infineon’s Pannenbaecker told NFC Times the plan for the vendor group is to establish the new transit offer by supplying steady shipments of chips and cards and adding more large suppliers. Then, in three to five years, Infineon would “exit the driver’s seat,” and hand the technology over to an independent body. That body could maintain the standard and commission independent testing of cards or applications on phones or other devices.

But what standards body would take on the task? It could be a committee of the International Organization for Standardization, ISO, suggest some. Or perhaps GlobalPlatform, which standardizes multiapplication platforms for the smart card industry, would consent to take it. Even the Calypso Networks Association, which standardizes competing contactless transit technology is a candidate.

Or the vendor group could set up its own standards body–which is not a simple proposition.

“Unfortunately, in comparison with the open bank-card market, there are no global authorities to set standards for contactless transit fare collection,” said Inside’s Walton.

“It’s a bit of a birthing process.”  NT