Licensing, Not Security, Drives New Transit ‘Standard’
Recent posts on this blog
The vendor group planning to launch a contactless transit-ticketing offer to compete with world-dominating Mifare technology is selling its initiative as a much-needed move to open standards and one that also provides security transit operators can trust.
But make no mistake about it: This initiative is mainly about licensing–Mifare licensing.
Introduced in 1994, Mifare has been wildly successful for its owner, NXP Semiconductors, formerly known as Philips. The chip maker estimates that more than 1 billion Mifare chips have been shipped over the years and are used in cards in nearly 700 cities for transit fare collection. Mifare accounts for three-quarters of the yearly market for contactless transit cards–a market that will top 200 million cards in 2010, forecasts vendor trade group Eurosmart. All this makes Mifare the most used contactless-card technology of any kind.
And that has made a nice living for NXP, even after taking into account the millions of cloned Mifare cards produced every year in China.
While the well-publicized hacks of Mifare Classic cards in 2008 tarnished the brand, it’s still going strong. And the attacks created more demand for NXP’s more secure Mifare products: DESFire, which had been largely ignored by transit operators after NXP introduced it in 2002, and Classic replacement Mifare Plus. So, it’s perhaps not hard to see why NXP is guarding its Mifare franchise closely.
In 2008, NXP opened up its licensing of Mifare to other chip vendors for the first time in many years, granting a license for the “entire Mifare family” to Renesas Technology of Japan, then another last year to Switzerland-based STMicroelectronics. But these licenses only permit Renesas and ST to produce Mifare chips for SIM cards or other secure elements in NFC phones and for Mifare applications on dual-interface chips in banking cards.
These are promising markets for Mifare but account for very few shipments so far. What the chip makers cannot do with the licenses is produce chips for the voluminous market for standalone Mifare transit cards.
About the only chip maker besides NXP that can legally ship Mifare chips for transit cards is Infineon Technologies, which is anchoring the new vendor group challenging Mifare.
Infineon has done all right by Mifare, as well. When it was spun off by Germany-based Siemens group in 1999, Infineon took with it a grandfather arrangement from an old Mifare licensing deal between Siemens and Mifare creator, Mikron, which Philips acquired in 1998. The deal allows Infineon to produce low-end Mifare compatible chips royalty-free. Among its contracts, say sources, is supplying chips for the large, high-profile, Oyster fare scheme in London.
Unfortunately for Infineon, the owner of the scheme, Transport for London, was one of the transit agencies publicly shamed in 2008 by hackers demonstrating how easy it is to crack Classic’s aging Crypto1 encryption scheme.
TfL decided to upgrade to more expensive DESFire, NFC Times has learned. But Infineon doesn’t have a license to produce DESFire cards–or DESFire SIM chips, for that matter. The SIMs will come into play when TfL puts Oyster on NFC phones, as the transit authority has promised to do.
Infineon probably saw the handwriting on the wall for Mifare Classic more than two years ago, when it began developing the technology for its new transit chip. And it knew it would probably be blocked from supplying chips for higher-end Mifare cards.
Meanwhile, NXP’s archrival in the budding market for NFC chips, Inside Contactless, can’t get any Mifare license at all.
Inside said it was turned down for a license on “multiple occasions” between 2007 and 2009. NXP is locking Inside out of Mifare so that mobile operators will order NFC phones packing NXP chips, in anticipation of commercial Mifare m-ticketing projects, Inside believes.
Card vendors involved in the vendor group planning the Mifare alternative, Oberthur Technologies and Giesecke & Devrient, also have a problem. Rival Gemalto has a Mifare license, which would help it supply DESFire-based SIM cards or other secure elements for NFC phones. That would give Gemalto a leg up on Oberthur and G&D if transit operators start asking for higher-end Mifare applications on NFC phones.
All this sheds light on reasons the vendors want a Mifare alternative. But they would say that NXP's restrictive licensing policy and the Mifare "monopoly," as Inside Contactless put it, the policy has created, is the very reason the industry needs "open standards" and greater attention to security for transit cards and applications.
Still, while open standards for chips in transit cards and NFC phones might sound good on paper, observers doubt the vendors will be able to pull off even a simple open-standard scheme, let alone something similar to the EMV standard for bank cards, as some have suggested they try to do.
The vendors would either have to form their own standards body or enlist one already in operation; no mean trick on either score.
As for higher security the new transit offer would provide, NXP’s has offered the same level and type of encryption technology on DESFire cards since 2007, but few transit operators have bought it. Mifare Plus, launched in late 2009, also offers the AES 128-bit encryption scheme.
Many operators and their consultants seem content to go on ordering cheap and plentiful Mifare Classic cards, despite the low security. The operators can guard against widespread cloning on the backend of the fare-collection system, while accepting the risk of a few pilfered rides here and there by fraudsters.
Yet, besides their desire to get around restrictive Mifare licensing, perhaps the new vendor group sees an inviting target in NXP, which group members say was unprepared to respond forcefully to the inevitable Mifare hacks in 2008 and the bad publicity they caused.
Whether that is enough to crack NXP’s dominant share of the transit fare-collection market remains to be seen.
Dan Balaban is editor of NFC Times.