Card Emulation Expected Soon Despite Doubts from Google Engineers

May 17 2011

Google NFC software engineers, while touting the “dozens” of NFC phones in the pipeline and prospects for compelling applications using tag reading and peer-to-peer communication, downplayed use of Android phones for payment with secure chips.

Two top Google NFC developers, Nick Pelly and Jeff Hamilton, speaking at the Google I/O conference yesterday in San Francisco, told Android developers attending a session on NFC not to expect application-programming interfaces, or APIs, to access the secure element on Google’s Nexus S or other Android NFC phones anytime soon.

Pelly, who led the presentation, “How to NFC,” and who appears to be a technical lead for NFC at Google, said Google has yet to introduce any APIs for card emulation because the company can’t yet ensure a “compelling” user experience when consumers tap their phones to pay using an application stored on a secure chip. He and Hamilton said there probably won’t be any APIs in the near future available to developers in software development kits.

If true, this could potentially delay the introduction of applications that would enable Android NFC phones to be used in card-emulation mode, that is, acting like contactless debit or credit cards, transit tickets or door keys.

But some industry experts are casting doubt on Google’s reluctance to support card emulation in Android phones.

After all, Google ordered the Nexus S with embedded secure chips, the PN65 from NXP Semiconductors, which can store applications. The NFC controllers in the phones also support applications for card emulation on SIM cards.

And there is little doubt that Google is developing an NFC mobile wallet to store payment and is building an m-commerce infrastructure that could deliver advertisements and targeted offers to consumers in and around the physical retail point of sale. A key piece of this m-commerce initiative is payment, for which Google would work with banks and established payment networks. Sources have said that among these are U.S.-based Citigroup and MasterCard Worldwide.

MasterCard: Card Emulation for PayPass Available
MasterCard, while not confirming that it is working with Google on NFC-based payment, told NFC Times in a statement that it fully expects to soon see PayPass rolled out on secure elements in NFC phones and for the applications to work with the hundreds of thousands of POS terminal readers that support PayPass worldwide and those to come.

Secure elements in the phones “provide the security necessary to protect the payment information,” noted a spokeswoman.

“MasterCard believes that the elements required for commercial deployment of MasterCard PayPass on mobile devices are available.”

She added that using NFC in peer-to-peer mode could enable MasterCard to offer other innovative services.

Despite the statements of the top NFC software engineers, Google might already be preparing to support card emulation and the embedded secure chips in its Nexus S phones, according to one Austria-based NFC researcher, who has monitored the NFC support in Google’s Android operating system.

He said the latest version, Android 2.3.4, contains commands to access the embedded chips. And he believes that Google itself wants that access.

“It’s an internal API, an API that is not public to anyone but limited to a certain group who has access to this,” Michael Roland, research associate at the Upper Austria University of Applied Sciences in Hagenberg, Austria, told NFC Times. “I think this group is limited to Google.”

It was not entirely clear from the Google presentation yesterday what problems applications using card emulation could cause. But Pelly seemed to say that card emulation would force NFC hardware on the phones to support a range of different contactless protocols now used on contactless cards. That would include both types A and B of the international ISO/IEC contactless standard, as well as proprietary contactless protocols.

In response to a question from the audience of developers, Pelly added that NFC chips “typically are going to be able to emulate only one of those RF technologies.

“So as an application developer, you don’t know which one is deployed to the phone,” he said. “I guess until we see the industry standardized around maybe one RF-level technology, or if we see NFC controllers able to support multiples of those, I guess what we are hoping is that everyone is moving to peer to-peer.”

P2P Unlikely for Bank Payment
But to another question, Pelly acknowledged that he knows of no major P2P NFC applications that have been developed for payment.

And the major card networks, such as Visa Inc. and MasterCard, are unlikely to accept the security now available in P2P mode for their contactless payment applications, payWave and PayPass.

They require those applications, along with the encryption keys that safeguard them, to be stored on secure elements and to interact in card-emulation mode with their standardized contactless point-of-sale terminals.

PayWave and PayPass applications are already being developed for both embedded chips, SIM cards and potentially other secure elements that could work directly in Android NFC phones, such as microSD cards.

Other service providers are planning to use card emulation in NFC phones to support such proprietary contactless protocols as Mifare for transit fare-collection and access control.

NFC Accounting and tax software provider Intuit, has been demonstrating a P2P payment application on Nexus S phones at the Google I/O conference as a possible expansion to its smartphone-based mobile-payment service, GoPayment.

But Intuit has called the NFC application only a “concept,” though has plans to introduce it. A spokeswoman told NFC Times the application simulates a prepaid debit card and uses a proprietary security scheme that the company declined to elaborate on.

Update: Rémy de Tonnac, CEO of France-based NFC chip supplier Inside Secure, noted that Google has joined the NFC industry relatively recently and may not know the standards and engineering work done on card emulation over the past several years.

“We are surprised that these guys are saying card emulation is not working," he told NFC Times. "We know that card emulation solution is working real fine, in type A and type B.” End update.

Android ‘Army’ Doesn’t Need Card-Emulation APIs
But Google has a point that there is some fragmentation in support among NFC chips and secure elements for the various contactless technologies used with applications in card-emulation mode, according to Einar Rosenberg, CTO for U.S.-based NFC application developer Narian Technologies. The industry is addressing those issues, especially on the NFC chip side, he added.

In any case, the main applications that will use card emulation–payment, transit ticketing and access control–were never meant to be open to the tens of thousands of Android developers who build apps for Google’s app store, Android Market, said Rosenberg. The security required for these applications means relatively few application developers will design the apps for the phones and fewer still for the corresponding applications on the secure elements.

So it is not so important whether Google publishes APIs for access to the secure elements.

“The army of Android developers are, for the most part, the independent innovators, not the big corporate conglomerates,” he said.

The real problem for card emulation could come if contactless applications are stored on different secure elements in the same NFC phone, said Christian Andresen, head of the NFC business unit for Germany-based Stollmann, which develops NFC middleware that runs on phones. The industry has yet to put standards and procedures in place to tell either the phone or contactless reader which secure element to communicate with.

But he said he doesn’t know of problems for NFC supporting the various protocols for card emulation.

“I would say, NFC is ready for card emulation,” he said.

Pelly and colleague Jeff Hamilton, however, were referring to potential problems for card emulation from even one secure element in an Android phone. And they have other concerns.

“To talk to the secure element, even from an application on the phone, you need to authenticate yourself properly,” said Hamilton. “And if you improperly authenticate yourself a certain number of times, there are secure elements that will physically destroy themselves and can never be recovered. So that’s something that we really think would be a bad experience for users.”

‘Zero-Click Sharing’
While Pelly said card emulation is the most popular topic in Google’s Android developer groups, it’s obvious he prefers the cleaner standards and less fragmentation expected for tag-reading and P2P applications.

Among those he and Hamilton demonstrated yesterday were enabling users to share apps, play games and transfer YouTube videos just by tapping their devices together. In one demo, they showed a tablet computer running Android and specially “hacked” to support NFC that could beginning playing a YouTube video transferred from a Nexus S phone. In the demo, the developers synced the video from the phone to the tablet with a simple tap, and the video starting running on the tablet at the exact point it was rolling on the Nexus S.

Pelly said Google would also support this kind of “zero-click sharing” in Ice Cream Sandwich, its planned successor to the Android-Gingerbread operating system.

'Dozens of Phones in the Pipeline'
The first question from developers during the Q&A session following the presentation did not concern APIs or secure elements, but the availability of Android NFC phones.

“We do know personally of dozens of phones in the pipeline for 2011 that are going to have NFC, so don’t worry, they will come, as well,” said Pelly.

That may be an exaggeration, however, since aside from the Nexus S, which hit the market last December, only one Android NFC phone model has been announced to date, the Galaxy S II from Samsung.

Other Android models are expected this year, including one or more each from LG Electronics, HTC and perhaps ZTE. Samsung is also expected to introduce more NFC phones. But most of the new Android NFC models are expected in the third and fourth quarters.

Operators in France and Taiwan told NFC Times in recent weeks that they expected only about 10 NFC models by the end of the year, not all of them Android phones.

NXP Semiconductors, the main NFC chip supplier to Android handset makers, estimates it had 40 NFC phones in the pipeline that would come to market over the next several months, according to internal estimates, NFC Times has learned. But not all of these will be Android smartphones.

Update: It remains to be seen when the Android phones will support card emulation, but with rollouts planned this year by telcos and banks that feature NFC-based payment, they will need to access the secure elements in the phones soon. 

“Google is caught in a dilemma, in that it is trying to drive new products and services using NFC technology, but as the implementation of the technology is not mature, the customer experience cannot be guaranteed at this stage,” said Tim Jefferson head of UK-based mobile consulting firm, The Human Chain. He agrees that NFC's tag-reading and P2P modes can offer compelling apps, but adds: “What is really critical for mass take-up of NFC payment in mobile handsets is that the suitable developers for payment products and services gain access to the API's for card emulation.” End update.

HEADLINE NEWS

Exclusive: Share of Contactless Rides Paid for with Apple Pay and other Pays Wallets in Manchester More than Doubles in Two Years

Transport for Greater Manchester in the UK is the latest transit agency seeing substantial growth of contactless open-loop fare payments from NFC mobile wallets–with the percentage of its contactless tram trips paid for with Apple Pay, Google Pay and other Pays services more than doubling over the past two years, NFC Times' sister publication Mobility Payments has learned.

Fifth Transit Agency to Conduct Open-Loop Payments Trial, Testing California’s ‘Mobility Marketplace’

California transit agency Santa Cruz Metropolitan Transit District said it plans to launch a pilot of contactless open-loop payments in early 2022, as it seeks to increase customer convenience and reduce use of cash on board its buses, NFC Times' sister publication Mobility Payments has learned.

In-Depth: Contactless Transactions Soar, but Transport for London Affirms that Oyster Will Remain Payments Option

Contactless open-loop payments have surged in recent months for Transport for London, returning to their steep growth trajectory before the pandemic, and now account for 70% of all pay-as-you-go, or PAYG, trips on the London Underground and two-thirds of PAYG trips on buses. And contactless has surpassed 50% of all trips–including those made with season tickets (see chart below).

Transport for London to Offer Weekly Fare Capping with Oyster Cards; Move Expected to Drive Even More Riders to Pay as You Go

In a move expected to make Transport for London’s pay-as-you-go model even more dominant and further erode support for season tickets and other period travel passes, the agency today said it will i

Sydney Transit Official: Opal Card Not Going Away, Despite Growth of Contactless

Sydney-based Transport for New South Wales, Australia’s largest transit agency, has no plans to phase out or de-emphasize its closed-loop Opal card, despite strong adoption of contactless open-loop

Dallas Latest City in U.S. to Accept Open-Loop Fare Payments

Dallas Area Rapid Transit, or DART, has become the latest transit agency in the U.S. to accept contactless open-loop payments, joining just four other U.S. agencies that support the technology, not counting small open-loop pilots happening in California.

While Interest is Growing in Going Cashless in U.S., Few Agencies have Accomplished the Feat So Far

The Greater Dayton RTA, which this month stopped accepting paper passes and tickets, will hit its Nov. 1 deadline to go completely cashless on board its vehicles, an agency representative confirmed to Mobility Payments.

Germany’s Largest Transit Operator Continues with Large Open-Loop Pilot on Buses; No Decision Yet on Rollout

Germany’s largest transit operator, BVG, said its pilot of contactless EMV payments extends to all of its nearly 1,500 buses, and the company has eliminated cash acceptance on board the vehicles, a spokesman confirmed to Mobility Payments. But officials in Berlin have not yet decided whether to make the contactless payments service permanent, he added.

Fairtiq App Sees Rising Usage as Covid-Era Riders Demand More ‘Touchless’ and PAYG Fare Options

Switzerland-based start-up Fairtiq said transactions for its fare-payments technology have more than double since February, as Covid-wary riders continue to seek what they consider to be more hygienic payments methods, as well as more pay-as-you-go options.

‘No Way We were Going to Ask for Half a Billion Dollars…’

Unlike other major transit agencies in the U.S., which have spent hundreds of millions of dollars replacing or upgrading their fare-collection systems, the Los Angeles County Metropolitan Transportation Authority has taken a different approach.

Apple's Digital Driver’s License Initiative Not Only One Progressing in U.S.

NFC TIMES Exclusive Insight – Eight U.S. states will soon allow residents to store a digital version of their driver’s license or state identification card in the Apple Wallet, the tech giant announced, noting that the Transportation Security Administration, or TSA, will accept the digital ID at airport security checkpoints and lanes. 

UK Bus Operator Go-Ahead Reports Cash Usage has Plummeted Because of Covid, While Contactless Transactions have Surged

The Go-Ahead Group, one of the big five privately owned public bus operators in the UK, said today it has seen cash usage on board the nearly 3,000 buses it runs in England outside of London fall to 23% of transactions, down from 53% three years ago.