WHITE PAPER ON THE APPLICATION OF NFC TECHNOLOGY IN PUBLIC TRANSPORT. Public Transport ITS Committee VALIDATED

Size: px

Start display at page:

Download "WHITE PAPER ON THE APPLICATION OF NFC TECHNOLOGY IN PUBLIC TRANSPORT. Public Transport ITS Committee VALIDATED"

Shon Jefferson
6 years ago
Views:

1 WHITE PAPER ON THE APPLICATION OF NFC TECHNOLOGY IN PUBLIC TRANSPORT VALIDATED Public Transport ITS Committee first EDITION. DECEMBER 2013

3 White paper on the application on NFC technology in the public transport 3 Asoc. "Foro de Nuevas Tecnologías en el Transporte, ITS España" C/ Serrano, 216-1ºdcha Madrid 1st edition ISBN 10: ISBN 13: Printed in Spain 3

4 4 White paper on the application on NFC technology in the public transport 4

5 White paper on the application on NFC technology in the public transport 5 WHITE PAPER ON THE APPLICATION OF NFC TECHNOLOGY IN PUBLIC TRANSPORT 5

6 6 White paper on the application on NFC technology in the public transport 6

7 White paper on the application on NFC technology in the public transport 7 CONTENTS INTRODUCTION CONTENT & PURPOSE SCENARIO What Can NFC Technology Do in Public Transport? Comparison with Other Technologies Scenarios, Elements and Stakeholders Specific Characteristics for Public Transport THE TRANSPORT CARD IN THE MOBILE PHONE Introduction Architecture Processes & Equivalences Specific Requirements & Implications Recommendations for Transport Companies PAYMENT & CHARGING OF REMOTE TICKETS Introduction Architecture Issues Definition of actors / Participants Secure Element SECURE ELEMENTS & TSM Introduction Issues Sector Requirements & Needs TSM Definition TSM Functions Introduction to Business Models Transport Companies. What Steps Need to Be Taken to Implement an NFC Service? Secure Elements Recommendations

8 8 White paper on the application on NFC technology in the public transport 6. TEST SUITES Introduction Issues Test Areas Development of the Tests BUSINESS MODEL / COMMERCIAL IMPLEMENTATION Introduction Development Alternatives & Needs for Implementation Client-Provider Relationship PRODUCT LIFE CYCLE Introduction & Purpose Differences When the Card Is in the NFC Mobile Phone Card Life Cycle Ticket Life Cycle Summary of relevant cases BARRIERS TO NFC IMPLEMENTATION IN PUBLIC TRANSPORT Introduction Technological Barriers Social & Cultural Barriers Economic Barriers Operational & Administrative Barriers Accessibility Barriers CONCLUSIONS ACKNOWLEDGEMENTS GLOSSARY FAQs

9 White paper on the application on NFC technology in the public transport 9 INTRODUCTION The aim of this White Paper is to create a reference guide to assist all those persons, companies and institutions interested in public transport and seeking systems in the socalled new technologies that, within a sustainable economy, can help to improve the quality of the public transport service provided to citizens, in the taking of decisions. Mobile phone environment-developed technologies have turned mobile phones into smart terminals with PC-equivalent functional capacities. Furthermore, they have the significant added value of their portability as well as the possibility of their use without any time and space constraints beyond those imposed by the radio coverage required, but even these will be surpassed in the near future by satellite coverage. NFC (Near Field Communication) technology is one of those developments applied to the mobile phone that enable it to interact with other devices. In this case, interaction is carried out by means of a wireless technology-compatible communications protocol based on Standards ISO A and B, already applied in public transport for the use of contactless smart cards. Contactless smart card implementation has required significant financial investment as far as access control equipment, payment forms and management systems are concerned. NFC might help optimize these investments already made. NFC can therefore guarantee the compatibility of the different functional requirements already called for by the different contactless card applications previously implemented: vandal-proof and personal data security, versatility, growth capacity and compatibility with other applications. NFC is now a technological reality, and public transport an indisputable economic and social necessity. Economic growth is not possible without quality public transport, and quality has a by no means negligible cost. On the other hand, public transport funding requirements, indispensable for improving the service provided, cannot ignore the opportunities offered by new technologies. The NFC-enabled mobile phone offers the chance for the mobile phone to act as a contactless virtual card, with the additional capacity of providing real-time information to the user of the transport tickets content contained therein. The NFC-enabled mobile phone will allow the user to pay, charge and top-up different types of transport tickets on the virtual card, thus promoting the use of public transport. Recent experience tells us that these services will be further extended as other actors, new to the public transport environment, offer other interesting applications for users. In view of all this, the content of this White Paper is proposed, as indicated at the beginning, as a reference guide for applying this NFC technology, inherent in mobile phones, to public transport. Throughout this paper, emphasis is placed on the optimization, compatibility and utilization of existing infrastructures. The challenges and economic opportunities offered by the implementation of these technologies are also identified. 9

10 White paper on the application on NFC technology in the public transport In the last chapter, reference is made to all the people who have taken part in the development and final outcome of the

10 10 White paper on the application on NFC technology in the public transport In the last chapter, reference is made to all the people who have taken part in the development and final outcome of the White Paper. However, special mention has to be made of those who have carried the full weight of coordinating the different contributions: Gregorio Haro Javaloyes (Agencia Valenciana de Movilidad, Generalitat Valenciana), Carme Fàbregas Casas (ATM Barcelona), Enrique Palma Villalón (Palma Tools), Belén Arranz Pintado (Oberthur), Julio Morales Pou (Oberthur), Pedro Martínez (NXP Semiconductors), Carlos Paternain (NXP Semiconductors), Miguel Cardo Rodríguez (Fidesmo), Francisca Merchán Higuera (Ericsson), Bertrand Saby (GEMALTO), Jaime Boneu Suárez architectural studio (graphics), Jaime Huerta Gómez de Merodio (ITS España) and Javier Díaz (BBVA). In short: In this Paper, the new functions incorporated into the basic capacities of mobile phones, especially those known as smart phones, are reviewed and related. A comparison of NFC technology with other wireless ones is included, in order to obtain a clear view of which are the new opportunities offered by NFC, and why technologies such as Bluetooth or Wi-Fi are not valid for the purposes defined herein for public transport. The new technology architecture included in NFC-enabled mobile phones is described. The security elements, indispensable in a public transport system, are defined, and which must be independent from planned obsolescence in mobile phone devices. Security cannot have planned obsolescence. This should never be so, but especially in the case of public transport, given the social and economic impact that this would have. The new actors taking part in this new NFC/Public Transport ecosystem are identified. The business model is analysed. Lastly, the most frequently asked questions (FAQs) arising when integrating new technology systems in spaces of consolidated use and huge social impact, as is the case of public transport, are included. Mr Antonio Rubio Fernández Chairman of the ITS Spain Public Transport ITS Committee 10

11 White paper on the application on NFC technology in the public transport CONTENT & PURPOSE It is nothing new to say that, nowadays, the additional capabilities gradually incorporated into mobile phones, together with the advance in mobile phone network data communications as well as the host of services being currently developed for these devices, have made the mobile phone an essential item for citizens. In just a few years we have gone from using a phone terminal to a multi-application device that allows its user to have anywhere-anytime voice and data connectivity. This makes it possible for the mobile phone to become a very useful element for public transport, for the different agents providing the public transport service (operators, authorities and transport consortiums) and, obviously, public transport users themselves. Therefore, public transport service providers are able to have a real-time communication element with the user at a relatively low cost (communications cost) and the users, as they have a mobile phone terminal, can be dynamically informed of everything going on in this public service. By way of example, at many city bus stops nowadays it is possible to obtain information by SMS text message on when the next bus is due, or find the best public transport route using Google Transit (a Google Maps option that tells you how to get from one place to another by public transport). In this context where a mobile phone can connect via the mobile phone network (GPRS, 3G or 4G), by WIFI or Bluetooth, it may seem impossible to think that this terminal could require any other additional communication channel. However, as is often the case with mobile phone technology, a new communication alternative has arrived that has already been implemented in most Smartphone -type terminals in the market, and will soon be implemented in the rest, and which is of particular interest for public transport: NFC technology. Before explaining what NFC can do in public transport, it is important to consider what this technology is and where it comes from. To do so, we must go back to the Nineties. This was when the use of contactless cards became more commercially widespread, their first major application being in public transport. However, when contactless cards started being used as a means for storing transport tickets, mobile phones had not yet reached commercial maturity for their distribution to the public at large; it was not until the end of this decade that they started to become rapidly and unstoppably popular. It was then that engineers at Philips and Sony thought about the possibility of transferring the chip contained in contactless cards to NFC-enabled mobile phone devices. NFC means Near Field Communication. It is important to highlight one of this communication technology s great differences regarding the rest: it is easy to use and intuitive. Thanks to its contactless card technology, with one single touch we initiate communication and can make a transaction, without the need to enter any codes or data. 11

12 12 White paper on the application on NFC technology in the public transport Precisely the fact of transferring that contactless card to the NFC-enabled mobile phone extends the possibilities offered by contactless technology, retaining its security and user-friendliness, as well as contributing to overcoming certain contactless card limitations, such as: - The card s incapacity to interact other than through a reader especially enabled for that purpose, being able to say that it is a blind card for the user. - The need to have a terminal/reader to provide the power supply necessary for operating through the reader s own field. - Due to its design and conception, it has a limited processing capacity, although this aspect has evolved favourably over time. When we transfer the contactless card to the mobile phone, the aforementioned limitations disappear, as the mobile phone has: - A screen and a keyboard, which allows secure interaction with the content of the contactless card integrated in the mobile phone. Said keyboard also allows the user to log into the application entering a PIN or passcode. - A battery, supplying power to get contactless card information on the mobile phone. - High processing capacity added by today s mobile phones. - Global connectivity that allows real-time updating of the information contained in the applications by accessing servers and/or remote databases. In addition to contributing to overcoming said limitations, not only does the fact of transferring the contactless card to the mobile phone enable the device to act as a contactless card, as NFC has been designed to permit other operating modes, but the mobile phone can also be a reader. Going back to the contactless card, we always have the same communication scenario: the card is waved over the terminal/reader and the latter receives energy from the magnetic field generated. The terminal/reader always initiates communication, which is based on commands emitted by the terminal/reader and responses to said commands by the card. Therefore, one can say that the contactless card is a passive element. However, when we incorporate the contactless card functionality into the mobile phone, the following operating modes arise: - The mobile phone behaves exactly the same as the contactless card, i.e. as a positive device. This operating mode is called Card Emulation. - The battery enables the mobile phone to also act as a terminal/reader, generating the magnetic field necessary for supplying contactless cards or tags (the latter are like contactless chips that allow data to be stored) and thus interact with them: the mobile phone becomes an active device. This operating mode is called Read&Write. - As we enable mobile phones with NFC technology, the possibility exists of establishing a peer-to-peer connection between them to exchange data. In this peer-to-peer communication, the device that was responding to the other s commands may send commands and vice versa. This operating mode is called Peer2Peer (P2P). 12

13 White paper on the application on NFC technology in the public transport 13 Now we can understand the importance of NFC expansion and the removal of the constraints that contactless card technology had. Without going into technical details, what is relevant here is that this communication channel allows close-range fast and secure communications and transactions to be carried out, thus making the development of new services possible, some of which are listed below: o It allows the client to read the data charged on the travel card as balances and also real-time top-up at any time. o It makes currently-implemented services easier (e.g. access to bus information at stops, network information, request top-ups, etc.) without the need for any technical knowledge (for profiles such as the elderly, low computer literacy level, etc.) o It provides direct access to public transport using the mobile phone. o Transport personnel can check the cards or carry out inspections with simple and flexible equipment and at a lower cost. o Simple information devices can be installed at stops. All the aforementioned is of great interest to public transport, and there is no doubt that it will become a reality in the coming years, driven by user demand, as well as due to an improvement in the service level offer pursued by transport organizations as what has been described above materializes. At present, a significant number of experiences are under way all over the world regarding the use of this technology, some of them having already been commercially consolidated. This may lead to some confusion, giving the idea that its massive implementation is already a reality and that it is also very easy to carry out. However, it must be made clear that the deployment of these services based on NFCenabled mobile phone terminals in general offers certain complexity, resoluble in any case, due to factors of all kinds: the plurality of the agents involved (transport authorities, mobile phone operators, mobile phone manufacturers, financial institutions ), undisputed leaders in their different business sectors, who must make a firm commitment to seek homogeneous technical and operating models, as well as to define sustainable economic models that provide benefits for all sides involved, including the users themselves: As public transport is governed by very different rules to those applicable in open and business sectors, it has a particularly specific business model, which is going to require an adaption to the ad hoc NFC technology by the rest of the agents involved. That the mobile phone terminals, SIM cards and chips involved are manufactured on a global scale (development of chips, platforms, operating systems, etc.) where the European level may fall short, which might entail a more complex process to close the associated models. That currently-implemented systems do not comply with industry s de facto and official requirements and standards, and therefore not be deemed valid for the final model. 13

14 14 White paper on the application on NFC technology in the public transport The problems of a great deal of the current ticketing systems that might potentially become compatible with this technology but which in many cases require the revision and updating of different elements, and that the current circumstances of budgetary strangulation may slow down implementation. That many models have to be closed so that the whole ecosystem may work, such as: o The technical model on which the user can change mobile phone, operator, bank, card, etc and all this can be done from their mobile phone. o An operating model of all the processes associated to the card s life cycle and compatible with what already exists, including the procedures and roles of each element of the system. o An economic model appropriate for all the participants in the value chain that fits each sector s needs. o A clear legal model of customer relationships and responsibilities as standardized as possible, which may imply official legal changes or changes in internal transport regulations. Progress is being made at a very fast pace to resolve the above-mentioned issues, such as, for example, the fact that there are currently around 200 NFC-enabled mobile phone terminal models worldwide, of which more than a couple of dozen are already very close to the technical model required for public transport use. Furthermore, it is important to point out that NFC is not a specific technology for public transport, but it covers a plurality of services that may benefit from it, so, currently, simultaneous progress is being made in other sectors, such as banking, leisure, health, ticketing, and where there are major stakeholders like SONY, SAMSUNG, GOOGLE, MICROSOFT, IBM, different financial institutions, Visa and Mastercard, and, of course, global mobile phone operators. These organizations are preparing to position themselves for the looming change and to capture the largest market share possible. However, this paper does not intend to analyse all the possible uses of NFC-enabled mobile phone terminals, not even all the ones that can be made in public transport. Its aim is to provide information to whoever may be interested in learning more about a very specific part of this technology s use, which is making it possible for a public transport client who has an NFC-enabled mobile phone to virtualize their travel card on it, being able to store their tickets and balances on that card with all the advantages entailed. The NFC in Public Transport Working Group has found it necessary to draw up this Paper, detecting how, since its creation, the current information available regarding this technology is disperse and not very well focused, and sometimes even unrealistic as far as the specific case of its application to public transport is concerned. This is why it decided to include the drafting of this paper as part of its activities and to continue analysing and discussing the best ways to get the most out of NFC-enabled mobile phones in this sector in Spain. Furthermore, in addition to what is discussed above, the possibility of an NFC-enabled mobile phone allowing clients to consult their travel card will be briefly addressed, since one of the weaknesses, according to present-day transport smart card users, is not being able to consult their content (tickets, journey balance, record, etc.), something that, curiously, could be done with magnetic stripe tickets. Another one of 14

15 White paper on the application on NFC technology in the public transport 15 the users observations is also to consider the possibility of being able to top-up their travel card themselves over the mobile phone. Finally, we would like to encourage you to read this paper, which we hope will achieve the objective for which it has been drawn up, thanking you for any opinion, recommendation, correction or contribution you wish to send us at We remind you that your personal data will be adequately safeguarded and not used without your express consent. 15

16 16 White paper on the application on NFC technology in the public transport 16

17 White paper on the application on NFC technology in the public transport SCENARIO 2.1. What Can NFC Technology Do in Public Transport? ACCESS INFORMATION NFC technology provides the ability to read Tags. NFC Tags are passive-mode microchips that store data. When they are read, access is gained to Internet content, applications, coupons, etc For example, a public transport company installs a tag at a bus stop that will provide access to contents such as: real-time transport information, network incidents detected (delays, temporary closure of stops, road works diversions, timetable changes ), or local information, nearby services, etc Likewise, a bus shelter with publicity in a city can provide additional content or videos with different types of information, e.g. about a specific museum or exhibition, a cultural or artistic event, a restaurant or any event in general. 17

18 18 White paper on the application on NFC technology in the public transport It also makes it possible to consult information such as the balance available, the zones where the ticket is valid or its expiry date, the estimated journey time, any incidents, the situation and status of the different metro lines, an interactive map, a system that enables you to calculate the best itinerary to a destination, the required connection time at a station or the weather outside. And all this conveniently from your mobile phone, Tablet or any NFC technology-friendly device. ACCESS APPLICATIONS Applications can be installed in the mobile phone terminal and allow users to perform the following transactions: Consultation: - Check available journeys balance - Check zones applicable - Check expiry date Top-up - Selection of the number of journeys to be bought or the balance to be toppedup. - Selection of number of zones - Check business limitations EMULATE A CONTACTLESS CARD NFC technology applied to a mobile phone terminal makes it possible to replace plastic payment cards, tickets, loyalty cards, transport tickets, and act as an access management key, like a contactless smart card. The phone becomes a pass for travelling by bus or train, as users can store their tickets on the SIM card or any other secure place on the mobile phone terminal. VISUALIZE A CONTACTLESS CARD The mobile phone allows us to see the tickets stored on a screen. The last top-up date, as well as the ticket expiry date, balance and number of journeys available, the number of zones applicable can all be consulted. TOP-UP Tickets can be easily topped-up from the mobile phone terminal, using online top-up applications. The top-up amount can be associated to the bank account or card or even the mobile phone operator bill. Payments can be made from the mobile phone itself, with no need to carry around extra weight in your wallet for shopping. An automatic balance control can also be activated as well as an automatic top-up request. 18

19 White paper on the application on NFC technology in the public transport 19 MANAGE DIFFERENT CARDS IN THE SAME MOBILE PHONE AND TRANSACTIONS BETWEEN THEM Since this technology allows several transport cards to be stored in our mobile phone s virtual wallet, an application that enables their management and interaction is required. Therefore we can exchange balances or trips from one card to another one. CONTACTLESS CARD TOP-UP POINT NFC technology allows secure payments over the mobile phone, as well as the provision of services to third parties. So, with our mobile phone, it will be possible to topup third-party transport cards (e.g., our son s). Furthermore, from a business standpoint, it is possible to create a top-up point application that, once it has been installed and activated in the phones of merchants in a zone or association, they may work as a sales network with minimum costs as far as maintenance and investment in infrastructure terminals is concerned. CONTACTLESS CARD READER It allows us to view the information on transport tickets purchased on other contact cards external to our mobile phone terminal Comparison with Other Technologies NFC DESCRIPTION 1. As indicated at the beginning of this Paper, NFC (Near Field Communication) is based on inductive coupling with a magnetic field, where two patch loop antennas are placed in their respective nearby fields. It operates at MHz, which means no restriction is applied and no license is required for its use. This technology is regulated by standard ISO/IEC 18092:2004,in turn, based on standard ISO-14443, the latter being the one used by most public transport contactless cards worldwide. As an exception to the above, we would like to point out that the FELICA communication mode, widely implemented in Japan and some other neighbouring countries, represents the only group of contactless cards used worldwide that does not comply with standard ISO but which is NFC-enabled. 19

20 20 White paper on the application on NFC technology in the public transport However, in order to understand this communication channel better, it is convenient to compare it with the communications currently implemented on mobile phone terminals (GPRS/3G, WIFI/WIMAX and Bluetooth) and analyse the differences from the standpoint of its use for access to public transport, which features the following characteristics: Transaction distance: NFC is very short range, 10 cm, while other technologies are much longer range (Bluetooth: m, WIFI/WIMAX: 300m-50,000m, GPRS/3G: 2,000-40,000m). This means that to set up communication, it is necessary for the user to perform a voluntary action, and therefore it is not designed to receive data, communications, or to be used for messaging, but for public transport access, which must be a voluntary payment action. Data transmission speed: Transmission speed is up to 848Kbit/s, a reasonable data channel, but not superior to the data channels used by other technologies (Bluetooth 2Mbit, WIFI 54Mbit/s, GPRS/3G 48Kbit/s-14Mbit/s). It is therefore not a channel that maximizes the amount of data to be transferred, but it has the speed required to transfer transaction data quickly enough. Connection set up time: In every communication process there is a time in which the two elements or devices exchange messages until it may be said that they are linked and can start to exchange data. Here the difference regarding other technologies is made clear. Communication set up time is between 5 and 50 milliseconds, clearly less than the average times of other systems that are more than that, since they are measured in seconds. Connection reliability: This is another aspect in which NFC communication differs from the rest. Without going into specific values, there is a high guarantee of communication going to be made (both communication set up and execution), which cannot be said for other types of communication, especially Bluetooth. This, logically, is of great importance, not only for its use in public transport, but also if one wishes to gain access to a mass event (e.g. a football match) or make a credit card payment. Interference resistance: One of the problems of communications are the interferences and existence of signal inhibitors (for example, we only need look at the case of not being able to open a vehicle with the remote control when we are near a place with security measures.) However, NFC inductive coupling communication is tremendously resistant to most of these interferences, which also explains its reliability. Compatibility with current public transport infrastructure access: One of the advantages of this communication technology is that it is based on standard ISO 14443, which regulates contactless card communications in public transport, and so NFC is fully compatible with the current infrastructure existing for access to public transport (or with slight modifications normally of software/firmware), 20

21 White paper on the application on NFC technology in the public transport 21 so that it drastically reduces investments for users to be able to travel using their mobile phone. None of the other technologies has such widespread implementation in public transport, and if it has, it is for uses other than access, since they are technologies that, as mentioned before, are not reliable for that purpose. Compliance with the transaction times required for access to public transport: The fact of being a type of communication with an extremely short and reliable connection set up time, as well as an acceptable bandwidth, means that with NFC technology, transactions can be made within ms, which are the times required in public transport. Other technologies cannot reach those times, mainly because their connection set up time is much slower and connection cannot be guaranteed, which is an essential requirement for public transport. On the table below, we have a summary of the comparative details: Concept NFC Bluetooth WIFI GPRS/3G Transaction distance 0.1m m 300m- 40km 1km-35km NFC observation for public transport Intended for a voluntary action Transmission speed 848kbit/s 2Mbit/s 54mbit/s 14Mbit/s Acceptable speed Connection set up time 20 milliseconds 6s 2s 1s Extremely fast Connection reliability Extremely high Low Medium Medium Extremely reliable Robustness against interferences Extremely high Normal Normal Normal Extremely robust Compatibility with transport infrastructures Almost total Zero Zero Zero Compliance with transaction times Total No No No Compatibility with infrastructure Acceptable transaction times In short, NFC communication has specific characteristics that make it ideal for making transactions, readings or transactions that are quick, reliable and robust, being compatible with public transport access control infrastructure, with slight modifications, and fulfilling the times required. 21

22 22 White paper on the application on NFC technology in the public transport 2.3. Scenarios, Elements and Stakeholders The fact of implementing NFC technology in public transport will entail the appearance of new elements and stakeholders, which must be explained and understood. These new elements and stakeholders do not appear for no apparent reason, but have a specific function and bring added value to the process chain resulting from the use of this technology In this section we are going to compare the current contactless card issue and use scenario with the scenario generated with NFC implementation. CONTACTLESS CARD TRADITIONAL SCENARIO The current contactless card issue and management scenario is well established and standardized. The role of the different stakeholders and elements is clearly assigned, and their tasks, roles and business model are well-defined and leave no room for doubt. In the current scenario, the public transport user applies to the corresponding company for the corresponding contactless card, which is personalised with the data and ticket requested by the user, and delivered to the latter. Once the user has the card, he/she uses it to travel by public transport. There are two major points to be highlighted regarding the contactless card: 1) The personalisation of the card is done physically on it and before it is delivered to the user that has requested it. 2) The company issuing the contactless card has a contactless card supply channel. The stakeholders taking part in the contactless card issue are part of the supply channel, and are the following: - Chip manufacturer: produces the microcircuit (chip) that is in the contactless card and stores the corresponding transport application. - Contactless card manufacturer: obtains the microcircuit from the chip manufacturer, adds the antenna to enable external communication, and bonds it in plastic or paper to make the card. This stakeholder usually pre-personalises the card, i.e. generates application structure in the chip without the user s data. - Transport company/card issuing company: obtains the pre-personalised cards from the card manufacturer, and once the user applies for the service, personalises the card with the specific data required. - End-user: obtains the personalised contactless card with the requested transport ticket, ready for use. The figure below shows a brief outline of what is described above regarding the issue of contactless cards. 22

23 White paper on the application on NFC technology in the public transport 23 If we look at both the physical flow of the material (contactless card) and the logical flow (transport application), we shall see they follow the same path and the same company is the owner (transport operator). We shall see that this, which today might seem obvious and perfectly normal, will be different when NFC is implemented, and to a certain extent is from where the new stakeholders taking part come from, as well as the added complexity, complexity that will ultimately lead to benefits for the transport operator, and, of course, for users. SCENARIO WITH NFC The first and most immediate effect entailed in adopting NFC for public transport ticketing is the transfer of the contactless card chip to the mobile phone. That chip now supports multiple applications and is called the secure element. With NFC, the traditional contactless card scenario can no longer be applied, as new stakeholders and elements come into play that will modify the business model established until now. There are three major points to be highlighted with NFC: 1) The transport company no longer owns the physical means where the transport application will be stored (we remind you that before it did own the card). In NFC, this means is called the secure element. 2) The user possesses the means for storing the transport application long before requesting the service from the transport company. 3) The secure element flow (physical flow) and the application flow (logical flow) follow different paths. The appearance of new elements such as the NFC device and the secure element, as well as the transport company s need to make its application reach the secure element of the applying user s mobile phone terminal, will necessarily mean that new stakeholders not present today in the current contactless card scenario will emerge. In order to simplify as far as possible, we are going to talk about two scenarios. The first scenario corresponds to the physical flow. When delivering the secure element to the end-user final the following stakeholders appear: - Chip manufacturer: produces the secure element that will store the transport application - NFC device manufacturer: is the manufacturer of the device that will provide the NFC functionality and which will contain the secure element - Secure element issuer: is the company to which the secure element belongs and is therefore responsible for said element s remote management, as well as having the power to decide which applications are going to have access or not to this element. - User: has the NFC device and the secure element. More details will be given in the section on secure elements, but it is worth mentioning that there are three types of secure elements: o o o The embedded element that the NFC device manufacturer will include in the device and of which it will be the owner, The SIM card (USIM) that will be the property of the mobile phone operator, Or the micro SD card, which will be the property of the services provider. 23

24 24 White paper on the application on NFC technology in the public transport Depending on who is the owner of the secure element (terminal manufacturer, mobile phone operator or services provider), different business models may be established and the physical flow for delivering the secure element to the end-user may vary slightly. In this scenario in question, maximum simplification has been made abstracting the roles that will exist. At the end of this flow, the user has the NFC device and the secure element. He/she therefore has the support for storing the transport application before applying for said application and even before this application is installed. In the second scenario, we have the logical flow. The transport company needs to deliver its application to the secure element of the user that has requested it. So, the following stakeholders emerge: - Transport company: the owner of the transport application that will be stored in the applying user s secure element. It needs to deliver the application to the secure element through the communication channels existing on NFC mobile phone devices securely and remotely. - TSM: the Trusted Service Manager is a company that will be responsible for the remote management of the transport application that will reside on the user s secure element. Said application belongs to the corresponding transport company, and so a TSM must provide the sufficient security and confidence level for performing this task on behalf of the services provider. More details will be given in the chapter on TSMs on the functions they can and must provide. - End-user: already has an NFC phone with a secure element and is going to ask the transport company for the application with the corresponding transport ticket. What has been described above is summarized on the diagram below. Here there is no exchange of physical goods, but it corresponds to the logical flow, i.e. the transport application issue and management. 24

White paper on the application on NFC technology in the public transport 25 Going back to the comparison with the stakeholders taking part in the traditional contactless card scenario, we may observe

In addition, this action that was physically done on the card, will now have to be done remotely through the communication channels provided by mobile phone devices.

25 White paper on the application on NFC technology in the public transport 25 Going back to the comparison with the stakeholders taking part in the traditional contactless card scenario, we may observe how the TSM will now perform the tasks of pre-personalisation and personalisation of the transport application on the physical support which now is the secure element. In addition, this action that was physically done on the card, will now have to be done remotely through the communication channels provided by mobile phone devices. To sum up, when we transfer the contactless card to the NFC device, the physical and logical flows, which previously followed the same course, are now separate, which implies the emergence of new stakeholders. These new stakeholders will share out the same previously-existing roles: on the one hand, the secure element issuer will be the owner of the element where the transport application will be stored (it formerly belonged to the transport company). On the other, the transport company will need at least one trustworthy entity that enables it to deliver the transport application to the NFC device of a specific user: that entity is the TSM. OTHER SERVICES WITH NFC NFC Tags The aim of this chapter is to provide information on the possibilities offered by the placing of NFC tags for smartphones in public transport, complementing NFC Ticketing and payment solutions. Contactless technology groups together two-dimensional codes (or QR codes) and NFC. The QR (Quick Response) code is a two-dimensional barcode, which, when scanned by a mobile phone, allows access to digital contents and services on the mobile phone. This technology is compatible with most present-day smartphones and many applications are available to be downloaded for free at applications stores (Apple Store, OVI Store, Google Play, Blackberry Store, etc.). An NFC tag allows any mobile phone with this technology to instantly have access to or exchange information with a single touch. It is the simplest and most practical use executable with or without mobile phone application. It does not require the transaction security level as in the case of payments or Ticketing. 25

26 26 White paper on the application on NFC technology in the public transport The urgency to implement this contactless technology is favoured by its relatively low implementation cost, providing an excellent opportunity for transport operators: it allows them to provide customers with information (web contents, arrival times, incidents, etc.) simply and instantly, with a single touch. This single touch, in the mobility information area, can be compared with the last stage in the delivery area. It is also the final stage in a long process, but which makes all the difference regarding service quality and efficiency for users. The budgets involved in setting up this information service are relatively low, so implementation should be quick. Depending on the level of complexity of the mobile phone service and the tags network, an operator may be accompanied by a company specialized in tag and content management. Advantages of NFC Tags and Smart Posters: - Low implementation and management costs compared with dynamic displays (LCD display, etc.) - Environmentally-friendly: no electricity required, may last years. - Flexible to use and personalizable. - Easy to use, practical, personalised and fun for travellers. - It connects disconnected street furniture. E.g.: Posts or shelters with no digital information. There is an extremely wide range of possible services available for transport, such as: - Next bus arrival time - Incidents on the line, traffic situation - Possibility to download applications - Map access - Itinerary planning - Nearby stops and approximate arrival time - Buy transport ticket - Latest news from the transport operator and social networks - Promotion of events, initiatives, launching of application, competitions, games, etc. - Multimodal information: availability of free bikes in the area, suburban train/ metro/ tram stops and stations. - Cultural and tourist information: interactive information (audio guide and video) on nearby monuments, tourist routes, etc. - Information on the city and entertainment: cultural agenda, major events, classified ads, etc. For adequate access to be made to public transport information by NFC mobile phone, a number of requirements are necessary: - Tag reading: NFC tags are read without any technical barriers as they work with all NFC mobile phones. The optimal tag reading distance may be a few centimetres (up to 2-3 cm), but it is recommended to make field tests before launching any service. - Problems if NFC is not enabled: the automatic deactivation of NFC implies the importance of providing instructions for use such as how to enable NFC on the mobile phone device. - Life cycle: One must ensure that the operating model contemplates the whole life cycle of a NFC tag. 26

White paper on the application on NFC technology in the public transport 27 NFC mobile phones as inspection terminals The reading and recording capacity of tags and contactless cards allows them to

27 White paper on the application on NFC technology in the public transport 27 NFC mobile phones as inspection terminals The reading and recording capacity of tags and contactless cards allows them to have professional uses on the part of operators. One of these uses is using these mobile phones as inspection terminals, which would make the monitoring of the services a lot more viable and economical. NFC mobile phone terminals as points-of-sale Likewise, the terminal can be used as a top-up point transferred to the user s hands (top-up at home) which provides great advantages regarding the traditional sales network: - 24 hours. - Anywhere. - One terminal can top-up the whole family s cards. - Zero maintenance. - Continuous technological updating supported by the user. 27

28 28 White paper on the application on NFC technology in the public transport 2.4. Specific Characteristics for Public Transport Although all the above-mentioned has been described regarding its use in public transport, it is worth highlighting which aspects distinguish NFC implementation in public transport from other NFC-based services. Legacy Systems NFC implementation will be applied to devices already installed in the past for contactless cards. Although this means that most of the investment has already been made, and therefore this is apparently good, at the same time it implies that its design and implementation were made without thinking of NFC or mobile phone devices, which involves many conditioning factors such as devices that may require firmware adjustments in order to be 100% NFC-compliant, Hw adjustments to give the antenna more range or correct systems based on slots not accessible by a mobile phone. Likewise, the cards that are most widely implemented in public transport are made by a specific chip manufacturer (MIFARE) that has certain specific technical conditions, and therefore not only must the mobile phone be NFC-friendly and have the corresponding secure element, but it must also have the necessary MIFARE licence, as well as comply with industry recommendations in order to be able to operate with various MIFARE cards in the secure element. Off-line transaction and time requirements Transport requires extremely quick and reliable transactions in order to move millions of passengers every day ( ms.) in an automated way, which does not permit on-line communication of the reader to any server. This means that: - All the data must be stored on the card and the validator, so many data have to be exchanged in order to do so. - Unfinished transactions may occur (the user removes the card too quickly) as well as associated recovery processes. - The fact that the mobile phone has not enabled NFC or the card or application visible from the reader (the user has forgotten to do so), is a significant problem and therefore the possibility of this occurring should be minimized. Although the mobile phone can recover and enable these services automatically, it may take much longer than what is acceptable (seconds). Information for inspection The journey and the passenger have to be identified. For example, a personalised card has the passenger s photograph and details printed. What will inspection be like when the user has the card in an NFC mobile phone? Various cards and enabled card As has already been mentioned, the most widely implemented card is that of the manufacturer MIFARE, and so it is probable that mobile phones will have various cards of the same type. In this scenario only one card is visible at any one time. If the visible card is not the transport one, this means a problem for the system as the user may not be aware of this situation and block access to public transport, thus forming a queue behind until the incident has been resolved. Even in the case of the system being automatically enabled, the transaction will not take fractions of a second, but seconds. 28

29 White paper on the application on NFC technology in the public transport THE TRANSPORT CARD IN THE MOBILE PHONE 3.1. Introduction PURPOSE & OBJECTIVE The aim of this chapter is to enable a better understanding of the implications of putting transport cards on mobile phones for use in public transport, both for transport operators and for any actor wishing to get involved in projects with this technology in this sector, based on providing a simple view of the options and decisions faced when implementing this technology in this sector. Give approximate information on the current and future state of this technology and associated services, and propose implementation recommendations Architecture BASIC ARCHITECTURE The basic architecture for a transport card on an NFC mobile phone can be described as below. The transport card would be placed in the secure element (SE), which could be accessed from a user interface application on the mobile phone or remotely by the Transport Company owning the card via the corresponding TSMs and the mobile phone owner s mobile telephone operator. (See chapters on TSM and SE) This SE is able to communicate the card with the NFC chip in the mobile phone, which allows the transport card to be accessed from the exterior through NFC readers and equipment. The SE is organised and based on GlobalPlatform recommendations, the latest version being

30 White paper on the application on NFC technology in the public transport Common questions on basic architecture. Question 1: What would occur if more transport cards are needed on the mobile phone?

30 30 White paper on the application on NFC technology in the public transport Common questions on basic architecture. Question 1: What would occur if more transport cards are needed on the mobile phone? The architecture would be the following: According to this diagram, we can see that the SE allows for various cards from different transport companies to be stored, which are all accessible by the readers by the same NFC chip on the mobile phone and which the Transport Companies access through the corresponding TSM and telephone operator. Question 2: How do I prevent others from accessing my card? In fact, the basic outline described above does not reflect the security domains: A security domain is the representation in an SE of an external entity, such as a transport company or operator. Security domains are created inside the SE. These domains allow to divide the internal memory of an SE so that only the company that has the security domain keys may have access. Several cards could even be included in the same security domain. 30

31 White paper on the application on NFC technology in the public transport 31 Question 3: How is it done for the MIFARE cards family? Since MIFARE cards are propriety, this means that each SE must: Have all the licences applicable for each type of card (CLASSIC, DESFIRE and PLUS). Manage the cards in compliance with Mifare4Mobile documentation. In a practical sense, operation is based on each SE having an implementation zone on the MIFARE card according to the following diagram: Thus, Mifare4Mobile establishes all the mechanisms required for storing transport applications in the SE through OTA or the TSM, accessing information from those applications by means of the NFC mobile phone and which MIFARE implementation may safely place the card of interest at any given moment. For more information on Mifare4Mobile, please visit the website and see the report on mobile phone ticketing at Here a difference is made between the concept transport application and the card itself or appropriate MIFARE implementation, which together result in an outward transport card. Important Note 1: There are two Mifare4Mobile specifications. o o Mifare4Mobile 1.01 only contemplates the support for MIFARE Classic and a serial number corresponding to implementation and separate from the application. In this specification, the transport application with the keys is stored in the security domain corresponding to the transport operator. Only when said application is activated is it loaded on the MIFARE implementation and is therefore available outward through the contactless interface. Mifare4Mobile 2.0 extends support to MIFARE Classic and MIFARE DESFire EV1, as well as supporting multiple virtual cards with different serial numbers and activation parameters. In said specification, the transport application behaves in a different way with regard to specification In this case, transport applications, including their security keys and data, will never leave MIFARE implementation. Each application will be available on the corresponding virtual card and may be activated to be shown through the contactless interface. 31

32 32 White paper on the application on NFC technology in the public transport Important Note 2: Since the term transport application is used here, confusions may arise between this term and the user interface application (also called transport application ). There is no industry agreement on how to avoid this confusion, and so it is recommended that in any written or verbal communication it is clearly defined which of both elements is being referred to. Question 4: How do I access the MIFARE card from the mobile phone? Keys are never stored on the mobile phone. Once again, we must distinguish between specifications Mifare4Mobile 1.01 and Mifare4Mobile 1.01: to remotely update transport application information, a secure channel must be set up with the security domain containing the application (mutual authentication is required) in order to upload/update the transport application in the security domain. To obtain information through the mobile phone screen, the transport application owner defines which areas of the memory (at bit level) shall be available for being read without the need for prior authentication, and, consequently, without knowing the key. - Mifare4Mobile 2.0: to remotely update transport application information, a secure channel must be set up with the domain that includes the pointer to the application that will be contained in the MIFARE implementation. Once the secure channel has been set up, the transport application is uploaded/updated to the virtual card contained in the Mifare implementation. This last process is identical to the one made with Mifare contactless cards. To obtain information on the mobile phone screen, the transport application owner defines which areas of the memory (at bit level) shall be available for being read without the need for prior authentication, and, consequently, without knowing the key. It will not be possible to obtain information from areas of the memory which the transport application owner has not authorised. 32

33 White paper on the application on NFC technology in the public transport Processes & Equivalences Once the architecture has been explained, it is convenient to summarize the processes the card may go through (see chapter on Life Cycle). Download and creation of a blank card application: Equivalent to manufacture in the physical card. Personalisation of the application with the data that this card must have. Equivalent to the recording and personalisation of the physical card. Activation/deactivation of the card application (when it becomes available outward through the mobile phone contactless interface). It has no equivalent except for considering it as taking it out of the wallet. Current card normal cycles (ticket top-ups, validations, inspections, blocking, etc.) which are the same as those of the physical card, except in the handling of incidents (e.g. card removal cannot apply for mobile phones) Return of the SE application, disappearing from the element. If the user returns it, the terms coincide with the physical card, but may also be equivalent to the withdrawal of the card by the transport company Specific Requirements & Implications For the adequate use of the mobile phone as a public transport card, it is necessary for a number of specific requisites to be fulfilled, which are summarized in the following sections, and their implications analysed. Legacy systems Public transport in Spain has legacy systems, already implemented or in the process of being implemented. Types of cards. Most cards from a specific provider (MIFARE CLASSIC, MIFARE PLUS, MIFARE DESFIRE, and MIFARE ULTRALIGHT), some of them a proprietary encryption communication (CRYPTO 1). The cards can also have other contact chips on the same support (hybrid cards), in particular, citizens cards and bank cards. Dual cards (a chip with contact and contactless interface), usually bank cards and with MIFARE implementation. Depending on the bank card operating system, the interaction between the MIFARE implementation and the financial application will exist or not. These dual cards will allow, in most cases, access to the financial application through the two interfaces (contact and contactless) and to the MIFARE implementation only through the contactless interface. Readers and devices already implemented. The readers were already installed years ago and so the firmware and software is exclusively designed for the cards used and their specific performance. In particular: - They may not strictly comply with standard ISO They may not guarantee operation with elements with shorter operating distances. The environment does not favour distances as it is a robust device surrounded by a lot of metal, at least in the railway environment. (Railway, Metro, Tram). - They are not designed for formats different to the card, so in many cases they have slots or places for putting the card designed for that physical format, which is inadequate for other devices such as mobile phones. 33

34 34 White paper on the application on NFC technology in the public transport Implications for the card in the mobile phone. It would be recommendable to have all the cards mentioned in the mobile phone, including the capacity for having the NXP Crypto1 encryption algorithm necessary for communication with MIFARE cards. Some readers may require firmware updates in order to be ISO14443 compliant. Mobile phones may have shorter read distances than the equipment. Solutions must be found to minimize the problem of some physical interfaces only considering the physical format of the card, such as slots. Off-line validation transaction. Validation transactions are off-line transactions as the transaction speed is extremely demanding. This has the following implications for the transport card: It must have the necessary off-line data for all the processes that interact with it: User data, top-ups, validations, connections and group travel control, regularizations etc. The transaction must deal with many fields, quickly and reliably, and this information has to be transmitted to a central data system to process all this information internally and ensure that the card may be recovered at any time if it is faulty. Implications for the card in the mobile phone. All of the above, in principle, does not affect the use of NFC technology, provided it ensures that the transport card is managed in a way that for purposes of an external reader it performs in a similar manner. Access to transport: transaction speed and reliability Every day, a significant part of the population uses public transport to travel to their places of work, study or leisure, and is therefore an essential element for the smooth running of a city and its surroundings, as well as having a specific behaviour regarding the daily schedule as many of these journeys are made at certain times of the day. At the same time, the number of transactions made every day is very high, in some places reaching the figure of 5 million transactions/day. This means that the payment and validation system must fulfil a number of essential requirements: Automatic validation process. The user must only hold the card near and validate. Reliability and queues: A failure in the bus validator or access barriers may lead to undesirable situations that slow down public transport. It may be caused by the user, failure in the equipment, or a faulty card. Speed: The payment system must not be an impediment for access to public transport. Current validation times range from 150 ms to 500 ms, the average being approximately 300 ms. Specific behaviour with the contactless card in transactions. The contactless transaction cannot control when the user removes the card. In the transport environment, the user feels forced to make the transaction as quickly as possible, in their own interest or due to the pressure of the people behind them. This is a common situation and must be handled appropriately, all possible circumstances having to be taken into consideration (e.g. change the access barrier). 34

35 White paper on the application on NFC technology in the public transport 35 Implications for the card in the mobile phone. Problems arise if the NFC is not active in the mobile phone. Problems arise if steps have not been taken for working with a discharged battery. Problems arise if the active card is not the specific transport card. Possible reduction in the transaction reliability as it is a more complex system. Slower transaction times. Travel information and user identification The card and payment medium must allow current inspection actions to be carried out. This in particular implies that: The inspector may access and read the corresponding card data regarding the transport tickets loaded and recently-made validations. The inspector may identify the card owner if the latter is travelling with a personal ticket. This is currently done with personalised contactless cards showing the user s photograph, name and number. Implications for the card in the mobile phone. All of the above may be affected by the NFC mobile phone for the following reasons: The NFC or transport card is not activated at the time of inspection. Need to define an appropriate and secure mechanism for identifying the NFC ticket holder. Availability of various transport cards In many cases, users may have various cards used regularly, such as: A personalised card and an anonymous one. One of integrated use and another of a specific operator. One of the area where they work or travel habitually and another where they live. Implications for the card in the mobile phone. If the user wants to have all these cards on the NFC mobile phone, bearing in mind the aforementioned public transport constraints, the following aspects must be considered for transport cards: Have the most automatic mechanisms possible for easily activating the required card, also for validation, without changing the current systems, in the shortest possible time. If the above is not feasible, have smart mechanisms for prioritizing the cards and/or activation based on LBS (Location Based Systems), activation via tags, etc. If the above is not feasible, have flexible mechanisms so that the user may define cards by default and simple options for change with just one click. Proposals and responses to previous requirements Capacity to manage MIFARE cards and rest of cards. NXP is not the only MIFARE functionality supplier thanks to its licensing programme. Large manufacturers of SIM cards as well as hardware manufacturers like ST Microelectronics or Fundan, also have licences for MIFARE implementations. Compliance with standard ISO If readers are not ISO compliant, their firmware will have to be adapted, it being a minor change for which the maintenance teams will need some time. It is recommended to progressively adapt the corresponding equipment. 35

36 36 White paper on the application on NFC technology in the public transport Read distance. Since 2011 NFC FORUM antenna recommendations exist that will improve the current situation where each mobile phone has a different performance, although there is still time for those recommendations to be included in the new terminals. These recommendations do not establish operating distances and it is recommended that specific tests be established (chapter on Test Suites). Solutions for systems only designed for the physical card format. A mobile phone cannot be inserted into a slot, so this aspect should be taken into account in current systems with a plan to enable the reader signal to leave that slot or other solutions if we want to avoid major changes. In any case, they will have to be ad-hoc solutions. Problem if NFC is not enabled and the battery is discharged. The NFC enabled does not have a very high power consumption and can work with a discharged battery (in fact, with a very low battery, below the level that allows the mobile phone to be switched on). Deactivation for power consumption reasons (as occurs with Bluetooth) is not very likely. Deactivation due to privacy fears must also be reduced if proper information is given on operating distances and low consumption if this channel is activated. Possibility of appropriate transport card not enabled. In the short term, mechanisms can be established for users to say which card they want to enable and set up advanced mechanisms by default based on automatic localization mechanisms by means of the mobile phone GPS (for example, if the telephone determines that it is in the region of the Comunidad Valenciana it will automatically activate the Móbilis transport card). These mechanisms may be configured in the user interface application of each transport authority depending on the area of influence. In the medium term, activation mechanisms via tag NFC at stops, entrance gate/door, beside barriers, etc. can be set up, or readers generate the appropriate Select message so that the SE CRS (contactless applications manager in the SE) activates the card. This requires a standardised code assignation that has not yet been defined. Transaction reliability. Although transactions with NFC mobile phones are presently less reliable than with cards, this is caused by an adjustment in the entire Sw and Hw model and the associated regulations, and so this reliability will increase. Transaction times. Current transaction times are slower than in a transport card, given the elements involved, but times of less than 500ms are now being reached, considered to be acceptable in normal public transport, although it may be slow for overcrowded systems and where there is massification of mobile phone users. User identification & inspection. In the case of a personalised ticket, the passenger must be identified. Currently this poses no problem as the card itself is personalised. Each transport company must define how to deal with this issue, and the user may initially have to continue carrying their personalised card while all the identification mechanisms are developed. It may possibly be considered that mechanisms involving card removal are not to be applied to the mobile phone, opting for electronic mechanisms that deactivate the virtual card stored on said device used outside standard regulations. 36

37 White paper on the application on NFC technology in the public transport 37 Specific cases of change: incident management It is important to highlight that incident management is one of the factors that changes substantially when transferring the transport card to the mobile phone. This is not the particular case of transport cards, but should be pointed out so that transport companies will be aware of this fact. On the one hand, as a result of inspections, the card is sometimes withdrawn, which in this case will not be possible, since one cannot withdraw the mobile phone and the cards and services contained, so other mechanisms more appropriate for these cases must be enabled. On the other hand, customer services are further complicated because the customer services personnel are not trained for dealing with mobile phone-related problems, which are highly complex, and vice versa for mobile phone operators that, if the SE is the UICC, are not trained for dealing with transport cards. This requires a full restructuring of incident management that may significantly affect the methods and costs of these services. New solutions may be sought for inspection, such as the terminal being able to autodetect if correct validation has been made with an application that is only accessible by the inspector (by inspector card or PIN). Other novelties In addition to the above, NFC offers the opportunity to work on other options besides storing the transport card on the mobile phone, which must be taken into account according to the specific situation of each contactless ticketing system implemented and its current state. Contactless financial card. Contactless EMV financial cards are already being implemented. Until now, the contactless financial card has not been excessively implemented as it is a contact card that requires identification (except money cards), but in the current model it is completely different as it allows contactless payment and minor transactions without PIN or identification. These cards will also be stored on an NFC mobile phone. Therefore, system renewal/updating plans must bear in mind the acceptance of financial cards by validation devices for direct public transport access, although it is understood that important changes have to be made in the system, something which has already been done in some cities, for example, in London for the 2012 Olympic Games. The obstacles to be overcome for this to be feasible are the approval of terminals by financial institutions, achievement of off-line transactions and the establishment of the appropriate inspection mechanism. 37

38 38 White paper on the application on NFC technology in the public transport External card processing. NFC also allows the mobile phone to be a reader and therefore it could also process external transport cards. This would make it possible, for example, for a father to top-up the whole family s cards, or if the transport system is 100% adapted, mobile phones may be used for consulting and recharging cards. It is therefore recommendable that implementation projects study this possibility. For example, we have the Valencia project where this possibility is going to be implemented. The obstacles to implementing this in mobile phones are how to store or manage the key corresponding to the cards and that the access to MIFARE cards requires the MIFARE encryption algorithm (Crypto1). This issue has already been mentioned previously in question 4 in the Architecture section Recommendations for Transport Companies In accordance with the chapter on transport cards, the following recommendations are made to the transport companies for the implementation of the transport card on the mobile phone. Life Cycle. It must be ensured that the operating model considers the whole life cycle of the present card. See section on Card Life Cycle. Mobile phone testing. When tests are going to be carried out, pilot, launches and normal use, check the transport system against the maximum number of combinations possible on the mobile phones for having the technical situation map. (See chapter on Test Suites). Different types of secure elements. Different secure element providers. Different NFC mobile phone providers and models. Different mobile phone operators. It is recommended to create a place, web site or similar, where we can see all the mobile phones that all the transport companies have been able to validate. Verifications to be made on system equipment. Verification of standard ISO Operating distance verifications. Verification of physical barriers for mobile phones and other element, and seek solutions. Reliability test and times. Reliability and speed test verification before approving mass launches. Test for reducing NFC incidents and transport card not enabled These cases must be pilot tested and the mechanisms defined for reducing or dealing with it. In particular, the following must be taken into account: Default card activation mechanisms. Tag activation mechanisms. Future mechanisms for automatic detection by reader information. 38

39 White paper on the application on NFC technology in the public transport 39 Changes in treatments. Changes in terms of use and inspector manuals should be analysed, giving sufficient time for their implementation. Take other novelties into account If the contactless system is implemented and/or is going to be renewed, it is recommended to bear in mind the technological changes of interest. Acceptance of EMV contactless card in validation. Treatment of external cards with the mobile phone. 39

40 40 White paper on the application on NFC technology in the public transport 40

41 White paper on the application on NFC technology in the public transport PAYMENT & CHARGING OF REMOTE TICKETS 4.1. Introduction The purpose of this chapter is to briefly explain the systems that have to be put into operation and how these systems have to communicate in order to carry out the installation, payment and successive top-ups of remote tickets. So, at least three entities will be defined that have to perform different tasks. The possibility exists that the entity is able to perform more than one of the specific tasks determined here, and therefore has to adapt communications between them in the corresponding mode. Payment gateway Issuer server tickets TSM All these entities are present in the mobile phone since the mobile phone application and the secure element must be developed so that all these entities and their functions are integrated Architecture Architecture with key security in the TSM. 41

42 42 White paper on the application on NFC technology in the public transport Architecture with external key security Issues The installation, payment and remote ticket top-ups entail interaction and close collaboration between the different participating entities. The communication flows must be very clearly defined for each case so that all the possible payment and ticket charging variations are covered as well as all cases of error that may occur due to lack of coverage, low battery, lack of liquidity or any other variable, so that there will be a charging verification policy and a retry policy in the event of the load not having been successful. This communications strategy must be defined early on in the project and always depending on how many parties are involved as well as a clear assignment of responsibilities for each of them. 42

43 White paper on the application on NFC technology in the public transport Definition of actors / Participants Payment gateway This is the agent in charge of managing the payment corresponding to the installation and/or top-up, and once payment has been ensured, for notifying the following payment agent to proceed with the loading of the corresponding ticket to the transport application. The user application interface loaded onto the phone must have an adequate level of integration with the payment gateway, since the first action required by the system will always be the payment of the amount due, and only once this has been accepted will the secure element memory be enabled for installing the corresponding service and its corresponding personalisation. Remote Ticket Server/Operator BackOffice / Transport Authority This is the server of the transport consortium or authority that is going to give its acceptance to issue the ticket that has just been paid. Therefore, this server must be in constant communication with the payment gateway so that, once payment has been accepted, it contacts the TSM authority s server and sends the order corresponding to the payment, installation, load or top-up of the transport ticket to be sent to the secure element. Eligibility process The eligibility process involves the verification by both the Mobile Network Operator (MNO) and the Service Provider (SP), which in the public transport environment is no other than the transport operator/authority, of the phone capacity and of the user of having a card or ticket (in the event of the card already being available). Therefore, it is estimated that verifications will differ according to the action to be carried out. Subscription (Ticket registration). Card registration requires a series of MNO technical verifications, regardless of the Transport company/operator, such as: The phone is NFC. The NFC secure element is installed and has the necessary licence for accessing it. The storage capacity is sufficient for storing the application and data (this item will depend on the Transport Operator/Authority, since the associated user s application has a different size depending on each Transport Operator/Authority). On the other hand, for the verifications by the SP, two cases are checked: Case 1: Card with no special rights Description: In this case, the card can be assigned to any person. Case 2: Card with special rights. Description: these are cards that can only be registered once the user s rights have been verified (OAP, student, large family, etc.). Note: There is an intermediate case where the card can always be delivered to any citizen and the characteristics of "special benefits are part of the data stored in the structure, which can be added a posteriori. Case 1 does not therefore require verifications by the SP (although it is advisable for there to always be approval by the latter). In Case 2, the SP must approve the registration, making sure that the phone number is on a subscription basis. That is, Case 2 requires a mechanism of prior registration on the part of the user. 43

44 44 White paper on the application on NFC technology in the public transport Ticket Charging/Top-up The loading of a ticket implies the prior existence of the SP card/application on the phone. Therefore, this process requires more complex verifications. The ticket to be loaded is not indifferent to the verifications, as well as to the fact of whether it is a Load or a Top-up. In this sense, one can try to load: 1. A ticket without special requirements: 10 trip ticket, single, etc. 2. A ticket with special requirements: OAP monthly pass, etc. Accordingly, the Load action can be distinguished from the Top-up, as the Top-up implies that the expired ticket already existed on the phone and, therefore, the user at some time at least fulfilled the requirements for charging said ticket. Unlike the subscription, ticket Loading/Top-up needs few (or zero) verifications by the MNO, because the card already exists in the mobile phone. On the other hand, two scenarios are checked by the SP: Scenario 1: Verifications in the card. Description: Either because the information in the Back-Office is not reliable or the fact that certain information may not be transmitted online, means that the operator or the authority may not use the information to determine whether the ticket can be loaded or not on the card. Therefore, it must check the data stored: - Has the card expired? - What type is it? - Any special circumstances? (OAP, large family, company with an agreement, youth, etc.)? - Is it blocked? - Others. Scenario 2: Internal verifications. Description: in this case, the operator or authority can carry out checks on their own data base to authorise or refuse ticket registration. Note: There is an intermediate scenario (Scenario 3) in which the SP performs internal verifications and in the card. An example of this is checking the information on the card, but checking if it (even without being blocked) is on the pending Black List. In any case, these scenarios will imply differences in the information path and data flow. TSM This entity is responsible for sending, with the corresponding security, the script that has been generated for installing or loading the corresponding ticket. As the TSM functions will be addressed in depth in the corresponding chapter, here we shall only point out that the communications with the transport authority s information systems or remote ticket server have to be implemented, and that, in addition, one must design a retry policy between the TSM and the secure element that guarantee that the ticket has been loaded, regardless of the state of coverage or the mobile phone battery. 44

45 White paper on the application on NFC technology in the public transport Secure Element The secure element must support the technology required by the transport authority for loading its tickets, whether Mifare Classic 1K, 4K or Mifare DESFire. One must bear in mind that this technology can be supported in native mode or in emulation mode, where a Javacard applet will act as physical memory, and that each of these technologies has its advantages and disadvantages. If the card support is in native mode, a JavaCard communications applet must also be defined that will be responsible for receiving the TSM commands and reading/writing in the corresponding memory sector with the security defined. For this applet, MIFARE4Mobile can be used, or a proprietary applet can be defined to perform the same function in the event of this technology not being available by the secure element manufacturer. Note: For more details on the secure element, see the corresponding chapter. 45

46 46 White paper on the application on NFC technology in the public transport 46

White paper on the application on NFC technology in the public transport 47 5. SECURE ELEMENTS & TSM 5.1.

47 White paper on the application on NFC technology in the public transport SECURE ELEMENTS & TSM 5.1. Introduction Purpose of the document The purpose of this chapter is to provide information generally agreed by industry on the TSM model in order to facilitate the adoption of NFC technologies applied to transport. We shall respond to questions such as why a TSM is necessary, what functions and services it offers, and which configurations are commercialised Issues With mobile phone NFC technology applied to transport, the peculiarity arises that the tickets issued by the transport authority are stored on a physical support that does not belong to it, whether it is the SIM card, a chip embedded in the phone s hardware or a Micro SD memory card inside the user s phone. Transport Operators and Authorities wish to continue maintaining the same control and management over the cards and tickets that are now virtualized" by NFC technology. In a practical way, the tickets are now virtualized in the transport cards, which, in turn, are virtualized in a secure element in the mobile phone, this being a SIM card, an embedded chip or a Micro SD memory card. On the other hand, it is necessary to solve the technical connection and access rights to each SE. This requires a strong investment in integration and functional testing with each of the secure element issuers (mobile phone operators, mobile terminal manufacturers, Micro SD card issuers). Once underway, maintenance is required to evolve the technical solutions to meet market requirements. This task becomes inefficient, and even economically unfeasible, if each service provider has to carry it out with each of the secure element issuers. 47

48 48 White paper on the application on NFC technology in the public transport Therefore, the figure of the TSM is introduced, which, connected to various secure element owners, is responsible for managing secure access to the SE. The service providers facing the end user, in this case the transport authorities, only have to integrate with a single point of access, the TSM, to have access to a variety of secure element sources. In fact, different configurations will appear, including an exclusivist relationship of the SP with a TSM or the opening of the SP to several TSMs, in the same way as SE issuers will be connected to one or more TSMs. See section 5.6 of this chapter, "Introduction to Business Models". 48

49 White paper on the application on NFC technology in the public transport Sector Requirements & Needs To reach the largest possible number of citizens, because it is a public service. In addition, the return on the initial investment would be facilitated with large volumes of use. Simplification of the architecture, so that it will be possible to have a single point of access and integration to reach all the SE installed base. Compliance with industry standards (GlobalPlatform/AFSCM) chosen by our country s mobile phone operators, who are working to have a common standard in the Spanish market. The technical requirements must not force a business model (selling of licenses, SaaS, etc.) in order to encourage competition between them and make it possible to choose which one best fits the needs of each transport authority. In addition, the business model must be compatible with the rigid and delicate economic balances of the transport companies, having the least impact possible on the current ticket and card management processes. Going into further detail, it is important that the TSM will be capable of managing the ticket life cycle along with the card life cycle management, understood as a container of tickets. These life cycles must be as similar as possible to the life cycles followed by the cards and tickets issued physically, so that the necessary adaptations for integration with the transportation authority will be minimised TSM Definition The TSM is a role of the NFC ecosystem that acts as a neutral intermediary establishing trade agreements and technical connections with mobile phone operators, terminal manufacturers or with other companies that control secure elements in mobile phones (SEI). The TSM enables service providers to remotely distribute and manage NFC applications, allowing controlled access to the secure element in NFC phones TSM Functions The TSM must provide, from a functional point of view, those features already provided by physical contactless cards and their associated management systems, as well as the particular characteristics of the mobile phone medium. Therefore, a non-exhaustive list of services that should be provided by the TSM is proposed below, followed by a short list of functions that, in principle, a TSM does not have to provide, in order to avoid confusion. 49

50 50 White paper on the application on NFC technology in the public transport Card life cycle management Verification of the client s equipment s characteristics (mobile phone terminal and secure element) so that the combination card + ticket (s) may work without any problem. In this way, one avoids launching processes that cannot be completed by the client s equipment characteristics. Configuration of the security architecture to have a space in the secure element only accessible by the Transport Authority: instantiation of security domains, licences, secure channel keys assignment. Card issuance, normally as a software package. This function may imply the remote download and installation of the software on the secure element, or simply its instantiation: the TSM must treat it in the same manner as from the Transport Authority s point of view. Card personalisation, understood as the process of integration of the client s data and keys so that only the Transport Authority may access them. Establishment of a secure channel between the Transport Authority s IT infrastructure and its security domain in the SE, to be able to update or implement any other business process. Card renewal. Depending on the implementation, this process may mean the recording of a set of data, or the complete replacement of the software. Remote cancellation or locking of the card, at the Transport Authority s request. Transport ticket life cycle management Transport ticket issuance. Transport ticket top-up. Specific actions of the Transport Authority on the transport tickets in response to possible incidents recorded in the service (return of mistakenly discounted trips, etc.) Remote cancellation of transport tickets, from an order issued by the Transport Authority Features common to both life cycles Connectivity: ability to access the clients secure element, regardless of the technology used (SIM card, chip embedded in the phone, Micro SD card) and their issuer s. It requires both a technical (access permissions) and contractual agreement. Audit capabilities: to be able to remotely check the existence and status of the transport card and ticket(s) stored in the client s secure element. These capabilities will be used mainly by Customer Service platforms. Logging of the remote transactions carried out through the TSM. Notification of events relevant for the Transport Authority. Said events normally arise from actions detected in mobile phone networks, e.g.: - The user reports the loss of their mobile phone. - The user changes the secure element. - The mobile phone operator decides to block the user s account Functions that are not compulsory for the TSM The following functions must be understood as optional: some TSM providers may wish to include them in their offer, but, in principle, they are not specific to this element. Payment gateway, so that clients may purchase transport cards and tickets prior to installation in the mobile phone terminal. User interface application management system (commonly known as Wallet ). 50

51 White paper on the application on NFC technology in the public transport Introduction to Business Models The TSM concept offers a versatility of configurations that affect the relationship between the different stakeholders, and, therefore, the resulting business models. To facilitate the understanding of these configurations, we are going to introduce two basic models: The first figure illustrates the TSM model as a system. In this model, both the service providers (in this case the transport operators) and the secure element issuers (telephony operators, terminal manufacturers and others) acquire their own TSM with which they will connect to the rest of the ecosystem. The second figure shows the TSM model as a service, where both service providers and secure element issuers are integrated with a TSM in the cloud (TSM-as-a-Service) from which they obtain the services typical of the TSM. Finally, the reality will be a combination of these models, mutually compatible, which will coexist, guaranteeing an optimal use of the resources while they meet the ecosystem connectivity needs. 51

52 52 White paper on the application on NFC technology in the public transport As regards the business model, one must bear in mind that, from the transport companies point of view, the TSM replaces the card and ticket manufacturer and personaliser, so the most advisable business model is for the platform costs to be equivalent to the costs of the technologies and processes being supplanted. In other words, the resource allocation in the secure element and personalisation must be similar to the cost of the machinery for the card manufacture and to that of the card personalisation. Likewise, the cost of ticket top-up must be similar to that of the card/support recording operations. In addition to these basic services, the introduction of the mobile phone terminal opens the door to new value-added services, given the possibilities for communication with the user, non-existent with the card. These services may be charged separately from or together with the basic services Transport Companies. What Steps Need to Be Taken to Implement an NFC Service? 1. Choose TSM. The transport company shall contact TSM providers and analyse the different service levels, including connectivity with secure element issuers, and business model. 2. Integration. Whichever the TSM chosen, the transport companies must make the effort required so that the integration of their systems with the TSM will be as simple and potent as possible within the available technologies. 3. Design of the user experience, for example, deciding if the application user interface is a standalone application supplied by the transport company (with the possibility of including other functions, such as timetables and routes) or if it is integrated in a wallet belonging, for instance, to a financial institution or a mobile phone operator Secure Elements The Secure Element (SE) is an execution environment with a high level of protection, both physical (regarding possible hardware manipulations) and logical: the interfaces, channels and software installed in the SE have to meet strict security requirements, adapt to a security architecture, and only certain operation modes are allowed. A secure element is typically implemented as a microchip different to the main processor of the mobile phone terminal, which includes its own memory (both volatile and permanent) and a cryptographic co-processor for security operations. The most common security architecture among the SEs in the market is defined by the consortium GlobalPlatform, in its Card Specifications (available at We can find three types of secure elements in an NFC mobile phone: UICC (Universal Integrated Circuit Card), commonly known as SIM card (the SIM, Subscriber Identity Module, is in fact the application used for mobile phone network authentication). The UICC connects to the NFC hardware by means of a protocol called SWP (Single Wire Protocol). 52

53 White paper on the application on NFC technology in the public transport 53 The main advantages of the UICC as a secure element are the following: - Support by mobile phones operators, since it allows them to mediate in the NFC services market. - Existence of a massive number of UICC management processes and systems implemented by operators to manage the SIM card and other applications. - Availability of standardized direct access channels to the SE, called OTA (Over the Air). - Long life cycle: users replace their UICCs much less frequently than their mobile phones. SE embedded in the terminal (ese). Different manufacturers (RIM, Samsung, Sony Ericsson, Nokia, etc.) have designed phones that include an additional chip in their hardware that implements the secure element functions and is connected to the terminal s NFC circuitry. In spite of lacking the UICC advantages, the ese have recently had some acceptance, because they allow companies that are not mobile phone operators to launch NFC services. One example is Google with its service Google Wallet, introduced in 2011 in a number of cities in the United States. Micro SD memory card, including an SE chip and NFC circuitry (antenna and controller). It is a less attractive option than the previous ones because of its higher price, lack of standardized methods of access, as well as the fact that the user has to renounce their previous memory card. They are not compatible with all mobile phones, and are not able to work with the terminal switched off. Their greatest advantage is their project execution speed, since it is no longer necessary to coordinate with mobile network operators or phone manufacturers Recommendations The content of this chapter is probably one of the aspects that may escape the transport operator s control most of all: the secure element, and how to access it, will almost entirely depend on technical and business decisions of secure element issuer companies (mainly telecommunications operators and mobile phone manufacturers), and, ultimately, on the end-consumer s buying decisions. However, one of a transport operator s most important decisions when extending the ticketing system to mobile phones is its choice of TSM. Our recommendation is to start by analysing the global service context in detail, e.g.: The mobile handset installed base in the geographic area of interest for the transport operator: what are the most popular models and operators? The aim is to determine the secure element issuers to which it is a priority to connect. The transport operator s technical capacity to select the type of TSM (as a system or service, see section 5.6). We also recommend to analyse, in a second step, the flexibility of the current transport ticket personalisation system when integrating with an internal or external system. Budgetary constraints and priorities: decisions and availability of investment/expenditure may also condition the type of TSM to be used. Required level of security: more than measures and technologies in themselves, the certification process has a cost, so it is recommended that the transport operator assesses well its needs in this regard. The result of this analysis shall generate a series of requirements for TSMs in the market. 53

54 54 White paper on the application on NFC technology in the public transport 54

55 White paper on the application on NFC technology in the public transport TEST SUITES 6.1. Introduction Purpose of the document The aim of this chapter is to provide transport authorities wishing to load their ticketing products on mobile phones a guide explaining the different test areas and what has to be tested in each one of them Issues With the arrival of the NFC technology, new stakeholders appear on the transport ticketing loading and validation scene: telephones. These telephones have different manufacturers, are not within the transport companies regulatory area (and therefore different ways of functioning may be found), and they also have quite a short average useful life span, so a further problem is added for the transport authorities and agents, which is that of checking an everincreasing telephone population. The technical characteristics of a phone are defined between the terminal manufacturers and the telephone operators that approve said terminals for use by the client. Telephone operators do not currently have standardized trials to test the telephone during the approval procedure. Therefore, due to the wide range of validating machine manufacturers, tests are carried out according to defined projects. So it would be reasonable for transport authorities to establish a list of minimum requirements that they may pass on to telephone operators so the latter may include them in their NFC phone acceptance tests Test Areas 3 different test areas may be defined, each one with a responsible party that later jointly lead to the loading and validation of transport tickets. HW TESTS: a. Validating machine tests b. Validation tests on phone terminals SW TESTS: User interface application tests for transport tickets TSM INTEGRATION TESTS/PAYMENT GATEWAY/OWN INFORMATION SYSTEMS This is a set of tests required to ensure that all computer systems (back end) of the parties involved in the project are correctly communicated in all established cases of use. 55

56 56 White paper on the application on NFC technology in the public transport 6.4. Development of the Tests HW Tests Validating machine tests The area of these tests must be the common tests that are currently carried out on the different models of validators used. Validation tests on telephone terminals The aim of these tests is to test different terminal models against the validating machines used and verify tickets are correctly validated. To be able to check the phone, a secure element (whether SIM, Micro SD, or embedded) has to be necessarily loaded with the different types of tickets available. Particular attention should be given to ticket validation times since phone terminals usually require more time than that required for plastic cards. Different variations that may occur in the field have to be tested, such as: With /without coverage Phone off/on Screen off/on Receiving a call/message during validation.. Software Tests User interface application tests The purpose of these tests is the acceptance by the transport authority of the application that will provide the corresponding ticket issuer s image. Therefore, all the screens defined and their operating capacity must be tested, as well as the data shown being correct before and after validation. Due to the fragmentation of the mobile phone market, all the application versions and variants existing per model or telephone operating system must be tested. It may occur that in order to test all the operating capacities, other information or issuance systems supplying screens with data must be in operation. This test implies a new development and validation effort never carried out before by transport authorities. Therefore, it must be taken into account in advance and be coordinated with the secure element issuers, in most case telephone operators. TSM integration tests / Payment gateway / Own information systems The purpose of these tests is to ensure full integration between different servers and computer systems that come into play in an NFC transport project. These tests must go beyond mere communication between servers and should seek, in addition to testing typical cases of use, other extraordinary ones where their likelihood of occurring in the field is low. Typical cases of use are those proposed by the standards used in NFC communications, which may be those proposed by AFSCM (French Association of Contactless Mobiles) or GP (Global Platform) and are divided into three major groups: - Service subscription and installation, - Life cycle and use, - End of service. All of them are explained in more detail in the chapter on Product Life Cycle. 56

57 White paper on the application on NFC technology in the public transport BUSINESS MODEL / COMMERCIAL IMPLEMENTATION 7.1. Introduction PURPOSE & OBJECTIVE The aim of this chapter is to analyse the economic feasibility of the new service to be provided, studying the different types of costs and revenue that may be generated in the process. Assessing them for each case, it could be determined when they can be economically feasible. In the case of implementation of NFC technology for payment in public transport, multiple possible alternative business models are frequently proposed. This is due to the different nature, regarding the current ones, of the costs arising when implementing the service in respect of telecommunications, secure element, financial transactions, TSM, etc. Thus, models with complex forms de retribution are defined and explained: fixed, temporary, by number of users, by number of transactions, etc., as well as combinations of them between different participants. Client Provider Model This type of explanation may help to understand how to set up an economic balance between the stakeholders, but they should not be used to propose an agreement among all the participants, as it would make it extremely complex. NFC implementations for payment in public transport already made are showing how the most immediate business model is the classic client-provider model. The client will be the contactless card issuer, usually public transport authorities or operators. The provider will be the company that undertakes to provide the necessary means so that the contactless card may be emulated by an NFC-enabled mobile phone. It is in the service payment concepts and form where the business model variants start to arise as well as the distribution of costs. The main provider could use its own means to provide the service, though it will usually reach agreements with other providers with whom it will establish the corresponding contracts for the supply and provision of services. It is important to mention this circumstance, since for the contactless card owner those agreements are most likely to be transparent, although it logically may have knowledge of the different agents taking part in the provision of the service and participates actively in the decisions and measures taken for implementing the service and its subsequent management Development Alternatives & Needs for Implementation In order to analyse the needs for new resources in the service provision and the alternatives to achieve them, the following aspects are developed below: Investments and costs for implementing NFC Savings allowed by NFC New services / revenue Service improvements 57

58 58 White paper on the application on NFC technology in the public transport Investments & Costs for implementing NFC The investments and costs shall be analysed from the point of view of each one of the elements involved in the service implementation, marketing and use. User Equipment Secure element (SIM, Embedded, Micro SD) NFC mobile phone, for which the user bears the cost Transport authority/operator It must update the ticketing, information and back-end services systems, and, if necessary, adapt the validator firmware Training of personnel for resolving the incidents arising from the use of this service Transport Trusted Service Manager Implementation, operation, maintenance to issue and manage transport tickets to manage top-ups and life cycles Telecommunications Trusted Service Manager To manage the eligibility of devices (compatible telephone and secure element), secure element memory, etc. Communications operators To globally facilitate the communications platform and provide the specific services required. Financial operators To facilitate the users the tools for payment with transaction processing services, with the aim of providing a general payment means for all the user s possible choices. Technology integrators and developers To provide the specific software (applet) that processing the virtual contactless card and the user interface that incorporates access to remote payment and functions of information and consultation of the transport tickets stored on the users mobile phones. Development of the applications required for integration with the TSM and information systems of the Transport Operator owner of the Contactless Card, as well as the TSM of the communications operator and the financial institutions. Virtual Contactless Card marketing company Company that will outsource and coordinate the different providers in order to provide a single service to the transport operator. Main provider in charge of the project feasibility. 58

59 White paper on the application on NFC technology in the public transport Savings allowed by NFC Single ticket The use of NFC eliminates the need to provide support for a single ticket. Multi-trip ticket NFC saves having to issue x magnetic tickets NFC saves having to issue and distribute physical cards Personal ticket Very high cost of manufacture, personalisation and distribution. With NFC this cost is drastically reduced by means of user/mobile phone linking procedures. Top-up Infrastructure One must bear in mind that virtual tickets are created, sold and stored on the users own mobile phones, and traditional ticket issue and distribution costs are reduced (topup machines, personnel, ticket desks, etc.), but others emerge that will lead to the investments required to facilitate the process (adaptation and development of new computer processes and systems integration), costs of usage and security domain management, whether it is a SIM of a communications operator, an element embedded in the hardware of the NFC mobile phone, or a Micro SD inside. In addition, the new system operation will not use the conventional distribution networks that have performed the functions of cash collection and management and user customer services, this last function having to be redefined through new action protocols that can accommodate the incidents and establish communication channels with the user in line with the nature of the virtual transport ticket stored in the NFC phone. Information Infrastructure NFC will enable the user to have access from their own mobile phone to all the information available inside a virtual public transport card contained in the device, all the card information fields being accessible on the screen; the user may visualize the transport tickets bought, when they made their top-up, where they were used, and the means of transport used (bus, metro, tram, train, etc...). From this point of view, there is a significant improvement in the user experience compared to the impossibility of offering information on a conventional ticket New services / revenue User payment by the application in the mobile phone Cross-selling Model established for applications in the mobile phone Favourable surveys (e.g. EPT Murcia, EMTSAM Málaga) Multi-modal ticket: train/airplane + metrobus E.g., AVE ticket purchase: Madrid => Metro suggests a metrobus Combo: event/ point of interest + transport ticket E.g.: purchase of a football ticket and proposal of 2 single tickets Promotions / coupons / publicity There are numerous possibilities, also non-intrusive ones, if tags are installed at bus stops and metro stations. 59

60 60 White paper on the application on NFC technology in the public transport Service Improvements Among the advantages provided by the implementation of this service, to summarise, we can mention: Ticket purchase and top-up anywhere, anytime, both by the user and third parties. mmediate access to all information existing on the travel ticket that the user has purchased (purchase, top-up, use, remaining balance), etc... Interactive information, on demand and according to user routes on: traffic, next bus/metro, incidents, fares, events, etc. It facilitates validation at the exit, which allows better planning if one wants to implement this type of solutions. Smart ticketing management Client-Provider Relationship So that a transport operator s travel tickets can be supported by an NFC device, from which top-ups can also be made anytime and anywhere, negotiation and procurement are necessary with different figures whose responsibility may include the provision of one or more of the following services: Secure element (agreement with the owner for payment for use) Transport operator TSM (agreement with the TSM for service payment) Payment gateway banking services (agreement with the payment services provider) Development of the applet in user s terminal (agreement with technology provider) Development of software for making remote payments from the terminal (agreement with technology provider) Integration of servers involved (agreement with technology provider) In the case of adopting a model based on the communications operator s SIM (UICC), its technology platform will have to be contracted. Solutions exist so that the Contactless Card owner will perform these tasks directly with its own means and at its own risk. Some or all of the elements may be contracted separately, reaching agreements with the corresponding service providers. Depending on the type of costs incurred in each case and on the investments and risks each of the parties is willing to accept, the different business models are specified. Going into further detail, no two contracts are the same, and so there would be as many models as service agreements. From now on we shall simplify in order to understand the interests of the agents and the main combinations of possibilities. The model that seems reasonable in Spain is that the Contactless Card owner hires the whole service with a single entity that takes responsibility for everything, and, in turn, outsources the necessary elements or agents. That entity in many cases could be the distributors of tickets that can be loaded in the Contactless Card and the procurement of the NFC support may be part of the distribution contract or another agreement. However, these conventional distribution networks have been characterized by geographically covering the territory with a good network of top-up and service points, attending the users personally. With NFC services, this physical presence makes no sense in a process that is essentially developed remotely, so the most suitable profile for the transport operator would be 60

61 White paper on the application on NFC technology in the public transport 61 better represented by a technology developer-integrator that, in addition, has the necessary knowledge to interact with financial operators, communications operators, and TSM services providers, becoming an important figure for promoting and favouring the NFC solutions application in the public transport sector. From now on, a relationship between the Contactless Card owner and the NFC support services provider will be proposed as a relationship with all the necessary services for the support. Some assumptions for the models in question: In all cases, the NFC terminal is provided by the public transport service user. The cost of the tickets must not be higher for the user. The adaptations of the validating machines, if necessary, are charged to the transport operators where the Contactless Card to be supported in NFC is to be used. Cost overruns and changes in the contactless card owner Back office are payable by the latter. The secure element may be in the communications operators SIM, but models with the secure element embedded in the phone or Micro SD may emerge, achieving the independence of the communications operators on the part of the transport operators. It may be easier for a single provider to bring together the IT developments, the payment services media, the communications services, the TSM services and the transport operator through this interlocutor be able to carry the project forward. It is necessary to find imaginative solutions so that investments on the part of transport operators are not needed beyond their own IT developments and updating, if required, of the validation machines already installed. Conclusions After broad consultation with different agents, some conclusions that appear will have to be respected for a successful implementation of NFC for public transport payment may be put forward. In general, all the transport ticket distribution procedures must be carried out with the same margin available for current tickets. Transport operators will therefore see their ticket distribution costs increased, and in the costs for developing the new solutions needed for implementing the NFC solutions applied to public transport only participate in the necessary adaptations in their own environment (servers, validators, etc.). The figure of the technology provider that takes responsibility for the IT developments and adaptations to the processes involved in the communications operators, financial operators and different TSM services, shall have to cover the development and integration costs as well as those of the services outsourced with the revenues generated by the transport ticket top-ups in time, and within the available distribution margin, assuming the project risk. It is necessary for all parties involved to understand the business model very well, so that none of them intends to be paid for their services in such a way that the project is economically unfeasible, giving it the chance to be implemented and the investments made amortised in a reasonable period of time, since the benefits for public transport users are obvious. 61

62 62 White paper on the application on NFC technology in the public transport Although the embedded secure element and the Micro SD card solutions may be technically feasible, it is more likely that the most successful model will be the one represented by the secure element in the SIM, conditioned to communications operators being able to develop an attractive offer; otherwise, the winners will be the business models based on the secure element embedded in the phone itself or in phones with dual SIM slot, or Micro SD. In the medium term, any solution must be open to all mobile phone operators, in order to prevent public transport users of a specific geographical area being conditioned to subscribe to a specific mobile phone operator s services to receive NFC services. The very function of public transport being a Public Service makes this compulsory. It is highly convenient for users to have these services without having to change communications operator in order to be smoothly incorporated into the service. Financial institutions must adapt their services payment fees to the business model, on the understanding that they are transactions of little value in most cases (ten-trip ticket), and with low risk levels. Likewise, they must accept the fact that from a user s mobile phone a remote purchase of an item (travel ticket) is made, and adapt their processes and verifications in order to facilitate the adoption of the new service by the largest number possible of public transport users. The TSMs, which are usually companies that market and manufacture plastic contactless card that are used massively in public transport, must adapt their processes to sell virtual cards and find ways of collaborating to continue doing business in a sector whose products have a very high purchasing capacity (physical or virtual cards). The fundamental agent in the process is the contactless card owner, who will ultimately decide if it will be supported with NFC technology on mobile phones or not. In order for this agent to be able to make an affirmative decision, it shall require an offer that fulfils its technical and commercial expectations. 62

63 White paper on the application on NFC technology in the public transport PRODUCT LIFE CYCLE 8.1. Introduction & Purpose This chapter describes the processes in which a transport card is involved when it is in an NFC mobile phone. The purpose is to give a view of the card life cycle and the implications involved for successfully achieving the implementation of the NFC mobile phone in public transport. We shall do so in the following sections: Description of the differences that occur when the card is inside the NFC mobile phone. Describe the card life cycle through its analogy with current processes. Describe the ticket life cycle through its analogy with current processes. Summarize and highlight the most relevant issues to be considered Differences When the Card Is in the NFC Mobile Phone When a transport card is placed in a mobile phone, some important differences occur that need to be pointed out for a better understanding of its implementation implications in public transport. The transport card becomes virtualized inside the mobile phone s secure element (SE), therefore ceasing to exist as a physical card or physical chip. The transport ticket is also virtualized inside the card, but this in fact is nothing new as it is already happening in current transport cards. The SE is a support that will be able to hold other transport cards or other types such as bank cards, as well as other services, communications etc., which means that it can no longer be owned by the transport company. Since the card will be located inside the mobile phone, it may be accessed remotely at any time communication is activated. The mobile phone environment, and more with the NFC environment, makes it possible to make payment transactions from the mobile phone, which leads the way to card top-ups without having to go to a top-up point. As NFC technology is currently an emerging technology and has many requirements associated, it cannot always be guaranteed that the card will be downloadable to all mobile phone models in the market, meaning that the user will always have a choice during card request process on the mobile phone. The contactless card has certain limitations, among them its interaction capacity: we can only obtain information on the card if we hold it near a terminal that powers it and is able to authenticate and obtain the corresponding information. NFC makes it possible to remove this obstacle, since mobile phones today have large screens, connectivity and processing capability. 63

Where: Green shows the transactions that will occur during a card s life cycle, blue shows those events that will probably occur during a card s life cycle, and yellow when they are

64 64 White paper on the application on NFC technology in the public transport 8.3. Card Life Cycle Diagram A simplified diagram describing the life cycle of a card for the NFC environment mobile can be seen below. Where: Green shows the transactions that will occur during a card s life cycle, blue shows those events that will probably occur during a card s life cycle, and yellow when they are undesirable processes, but which might occur. Description of processes and their analogy with current processes Usual activities (green rectangles) Eligibility: A process that determines if the mobile phone, SE and user meet the requirements. Analogy only exists with current processes when the passengers profile has special benefits such as a young person or student. 64

65 White paper on the application on NFC technology in the public transport 65 Payment: Payment transaction to have the card and associated applications on the mobile phone. This process is analogous to the card payment purchase, whether it is anonymous or personalised. Domain & application loading: A security domain is created in the SE if it does not previously exist, where the data from a blank card of this transport company are downloaded. This process is analogous to the manufacture and distribution of a blank, non-personalised card according to the transport company s requirements. Personalisation and activation: The card is internally activated and personalised with this process, so that it can be used in public transport, the fields required being recorded, including, in the case of the personal card, the user s specific data such as profile, name, etc. The analogy with reality is the card activation and personalisation. Possible additional activities (blue rectangles) Expiry and Return: The card may expire according to the maximum expiry date, so it cannot be used any longer if it is not changed or reactivated, or simply it may be returned, which means it disappears from the secure element. This may occur for various reasons, such as the user no longer wanting it, because it has been programmed in this way (e.g. a 3-day tourist card) or by fraud on the part of the user. Inspection: Transport inspectors may check this card just as is done with physical cards, although it is important to point out that the action protocols may need to be modified due to the particularities of the support. Examples of this may be the user s identification procedure, as he/she would not carry a physical card with their photograph, or the withdrawal of the card in the event of fraud, which may be solved by different mechanisms, but which have to be clearly established for inspectors and inspection devices. Change of mobile phone: The user may decide to change mobile phone. If the SE is physically transferable (see chapter on Secure Elements) as is the case of a SIM card, the change of mobile phone does not mean that the card is changed; the user continues with their card, though this does not mean it is an easy task. When the system wants to access the card, it must control which mobile phone it is on and the applications in the mobile phone accessing the card (the Wallet and the specific application) must be installed or transferred to the new mobile phone with the technical challenges that this entails. If the SE is not physically transferable or the user changes mobile phone operator, and therefore USIM, all the services must be transferred to the new SE, including the transport card, or adopted by the mobile phone operators. This is provided for by the standard adopted by mobile phone operators for their USIM, so technically there is a solution, though it is important to note that a credit card keeps its number (if it is declared as a duplicate), but in the case of the most common public transport card, the MIFARE card, the chip serial number is a new number, which is something that must be taken into account in the central management systems Change of SE: For the various reasons mentioned above, the user may need to change the SE, which will entail going through the application loading, personalisation etc. process again. 65

66 White paper on the application on NFC technology in the public transport Undesirable activities (yellow rectangles) Card blocking: The card can be blocked for various reasons, such as an

66 66 White paper on the application on NFC technology in the public transport Undesirable activities (yellow rectangles) Card blocking: The card can be blocked for various reasons, such as an inspection or fraud detection of fraud in the central systems. This blocking is analogous to that existing for cards, but with the advantage that it can be accessed remotely at any time. Theft of mobile phone: Mobile phone theft should be treated like card theft, which implies its blocking (no line has been drawn to the blocking on the diagram to simplify it) and an SE change in the terms described above. Incidents and failures: Logically, card-related faults and failures can occur, which could be repaired or reinstalled in the SE, but the latter may also be damaged, and in which case would have to be replaced by another. For the purposes of card analogy, in the first case it would be necessary to repair the card, and in the other, replace the card loading the data available at the SCGB Central Management System Ticket Life Cycle Diagram The ticket life cycle diagram is complex. By way of example, a typical diagram is included to show it. 66

67 White paper on the application on NFC technology in the public transport 67 However, this diagram will not be explained, since as mentioned above, the tickets are already virtualized on the currently existing NFC transport cards, so essentially the whole process is similar, and its explanation here would make this chapter needlessly long. Therefore, all we shall do is point out the particularities that should be taken into account in the ticket life cycle. Identity control in the case of personalised tickets. If the ticket requires the user to have specific characteristics, e.g. a monthly young person s pass, the user must be clearly identified despite not having a physical card with a photograph. This has already been mentioned in the card life cycle, and emphasis shall be made on this point, it being advisable for a photograph to be included in the transport application and be visible on the mobile phone screen. If this is not possible, the user should carry a card as proof of identity although it is not used for travel. Transactions in general by lists. Contactless cards are processed remotely by lists of cards that are sent to the devices and when they locate them, they act. With NFC technology, this may be done immediately. For example, if the user has 3 additional trips due to an incident, this balance may be increased remotely at any time. Remote Charging. The ticket may be recharged remotely and in real time, without the need to have to wait to pass a top-up or validation point which has been reached by a list of cards that have made a top-up purchase on the web site. Conventional charging. The fact that a remote top-up can be made does not mean that the user cannot continue going to the usual top-up points to charge the tickets in the same way as with physical cards. Inspection. More future options will be available for possible sanctions. During the inspection process and if the user has to pay a fine, the latter may be paid immediately or the ticket downloaded with minor penalties. Changes of tariffs and exchanges. Given the possibilities of remote operations, it is possible to consider more flexible options for when transport tickets expire, allowing to exchange expired trips to ones with a new tariff, paying the difference from the same mobile phone. Transfer of tickets and balances. This case is not common today, but the current user might want to transfer balances of trips or full tickets already charged to another mobile phone belonging to a relative (e.g. a son) or another third party. In this regard, it is important to note that this type of transactions are only planned through the TSM (see section in question) in the current architecture without compromising security, although this is not an NFC requirement but one of security criteria. 67

68 68 White paper on the application on NFC technology in the public transport 8.5. Summary of relevant cases As described above, the relevant cases that must be taken into account in the implementation of NFC mobile phones in transport are summarised below. Eligibility An eligibility process should exist for the mobile phone, its operating system, the SE and the user. Remote payment The possibility of the remote payment of transactions comes into play, but that also implies new stakeholders, costs and fee schemes may be generated (e.g. a credit card or direct debit of charges), which are only taken into account in certain operating models with automated sales systems and rarely in economic models with integrated tickets. In particular, it is foreseeable that sales networks will emerge to manage these transactions, as current networks do. Incidents Incident management is more complex, since the user will go to a customer care point with a mobile phone and not a card, more stakeholders coming into the problemsolving process and a higher level of staff training being required. Inspection. It is necessary to redefine the user identification processing protocols, as well as card withdrawals sanctions etc. Change of MNO or mobile phone. The change of mobile phone or SE requires new processes for transferring cards between the SE and that the applications on the mobile phone dealing with the cards are available. Card return. Card return protocols should be taken into account (removing the card from the SE). 68

69 White paper on the application on NFC technology in the public transport BARRIERS TO NFC IMPLEMENTATION IN PUBLIC TRANSPORT 9.1. Introduction In this Paper, an attempt has been made to explain those points to be taken into account to implement NFC in public transport. There is no doubt about the advantages offered by NFC to both transport operators currently deploying contactless card, and end-users. However, despite its advantages, the implementation of said technology is presently subject to certain barriers/obstacles that can hinder its massive deployment. Public transport is a public service, and as such, all citizens requiring it must be guaranteed a correct service Technological Barriers In contactless technology, we may divide technological barriers into two groups: those related to the mobile phone devices (which will act like today s contactless cards), and those related to infrastructure. The aforementioned barriers are described below. Related with mobile phone devices Battery-free operation Contactless cards work without a battery, being powered by a reader. Therefore, it is expected that NFC devices which are going to act like a card will not require a battery to work either. This point is quite important, since the transport operator must ensure that a user who has entered the system using the NFC device will be able to exit it even though their device battery is flat. Operation will vary according to the NFC device manufacturer. Some devices exist in which NFC works when the battery is off, but the latter should always be connected, while there are others that only work if they are on and/or unblocked. Like all technologies, NFC will evolve and it is expected that in the future devices will be able to work without a battery. Availability of NFC mobile phones It can be said that the availability of NFC devices is no longer a technological barrier. During 2013 it is expected that more than 300 million mobile devices with NFC connectivity will be distributed worldwide; by 2015, it is estimated that 50% of mobile phone devices distributed will include NFC technology, a figure that may reach 500 million devices. Although currently most users do not have NFC-enabled mobile phones, the trend for the coming years is optimistic. 69

70 70 White paper on the application on NFC technology in the public transport Functioning on all mobile phone platforms Public transport is universal and, as such, must provide service to all citizens who request it. At present, there are several widespread mobile phone platforms (Android, ios, Windows Phone, BlackBerry). Each mobile phone has integrated NFC following established standards, but it is necessary to develop the application with which the user will interact for each platform. Even some platforms, such as IOS, still have not integrated NFC. Therefore, the possibility that not all users may be able to access the NFC service until its massive widespread implementation must be taken into account. In any case, one must not overlook the fact that NFC implementation in public transport is not an exclusive proposal, and those users who do not have an appropriate mobile phone will always be able to continue using the contactless card. NFC and active transport card NFC communication is an option that can be deactivated by the user, and mobile phones will carry different types of cards (credit, transport, loyalty), and even several transport cards, so there must be a mechanism for activating that card, to make its operability automatically possible. Although industry recommendations have planned mechanisms for activating the right cards at any given moment, this requires certain conditions that will not be in place at the beginning. Therefore, undesirable circumstances may arise in which the user with the correct card would not be able to make it work, either because the NFC is deactivated or because he/she does not know how to activate the right card, which may result in negative reactions on the part of users due to their failure to understand the issues raised. User identification Many transport tickets are personalised and require user identification, which is usually resolved by incorporating the user s photograph and personal data, so that inspectors can quickly perform identification. When the virtualized card is placed in the mobile phone, the option of including the holder s photograph on the application user interface will have to be considered, in order to be able to view the user s data on the mobile phone screen, or, for example, include biometric information in the card so that the inspectors will be able to read that information etc. In any case, it is advisable to reach consensus among the largest number of transport authorities and operators possible, in order to establish common procedures in the different transport networks and populations so as to implement a common user experience from the beginning. Infrastructure-related Infrastructure software interoperability The infrastructure software deployed in contactless ticketing systems is, in many cases, adapted to work only with contactless cards. The transfer of the contactless card to the NFC device entails changes in response times and maybe in the activation parameters sequence. Both the change in time and the activation parameters are always within the specifications of standard ISO One shall have to analyse if the infrastructure software has been adjusted to make it work with the contactless card, to avoid the problem of the NFC device not working correctly. 70

71 White paper on the application on NFC technology in the public transport 71 To solve this potential problem, in many cases the infrastructure software has to be updated and it must be ensured that it strictly complies with the activation times specified in standard ISO and not reject the device according to the activation parameters. It is advisable to perform extensive tests on all the devices and secure elements to be accepted. Infrastructure mechanical interoperability There is contactless card infrastructure equipment that requires the user to insert the card to make transactions. Since NFC devices do not have the same format as the contactless card, it may occur that said devices cannot be used in the equipment designed with slots for inserting the contactless card. Likewise, the inductive coupling of the contactless card with RFID antennas installed in the equipment of a certain infrastructure may not be the same as that of the NFC device, since the antenna size can vary. The latter may require the adjustment of said antenna circuitry. It is important to bear in mind the two previously-mentioned points during the NFC deployment planning, and it is also advisable to test the working of the different NFC devices one wishes to validate to verify that their performance is acceptable Social & Cultural Barriers User acceptance User acceptance is not always immediate and is often related to what they expect and what they get. Some drawbacks that users may face are mentioned, and which will require the corresponding information actions. The purchase of a card is a physical product and something for which we are charged, but what will our reaction be if we are charged for loading a virtual card onto our mobile phone? It is only to be expected that we have a better acceptance of the cost of a physical element than a virtual one. What will happen if we fail to understand the NFC and card activation, and are faced with a frustrating experience not being able to access the transport? What will happen if we think that NFC is a new radio field that will affect our organism, or that somebody s going to eavesdrop on our data? or any of the many other myths so widely disseminated on the Internet? Maximum care should be taken regarding those aspects that may generate and increase users rejection, so progressive implementation is recommended with users who are more willing to accept the technology. User training The users training/ information level regarding the technology may be decisive, so this aspect may be an obstacle if sufficient attention is not given and appropriate strategies defined for progressively training users who will fulfil the role of inadvertent trainers of the rest. Personnel training One of the main barriers to the implementation of these systems is personnel training. If the latter do not understand or believe in the technology, or simply do not know how it is to be used, this will become a major obstacle for its implementation. 71

72 72 White paper on the application on NFC technology in the public transport Plans must exist for involving personnel throughout the whole NFC implementation process, because, in addition to achieving their own training, they will be able to provide their own view which is essential for the project s success Economic Barriers Investment Although the infrastructure is compatible, minor changes in some computers will be necessary, as well as the addition or modification of processes, the addition of functions in inspection equipment to make changes to enable the use of devices that are no longer cards, add modules in servers etc. Business model Since new stakeholders take part that are making important investments to offer the desired NFC services, it is logical that the appropriate conditions have to be negotiated, bearing in mind the public transport model is very rigid as it is a public service, and also has very few economic margins. It is therefore very important that, from the very outset, work is undertaken to create a business model that will be appropriate for all the participants, because this may be a decisive barrier for the implementation of these projects Operational & Administrative Barriers New stakeholders/coordination Throughout this whole process, new stakeholders come into play (TSM, mobile phone operators) and change the way in which others perform their functions. For example, there may be sales networks without points of sale if they deal with managing mobile phone top-ups. New and old stakeholders have to fit into all the processes and work in a coordinated manner to solve the new problems arising. Process Modification, Incident Management/Responsibility Logically, technological change requires a series of changes in all the associated processes and regulations (e.g. inspector s manual), which were intended for a physical world and with cards as the only transport ticket support. As an example we have the withdrawal of cards for fraud, paper receipt of the top-up, the aforementioned identification process of the passenger by the inspector etc. These processes must be modified, as well as the company policies and regulations, the assignment of responsibilities, etc. 72

73 White paper on the application on NFC technology in the public transport Accessibility Barriers. Standards & Recommendations. It should be noted in all the transactions and cases defined here, as well as in the development of applications or environments for any procedure related to the use of NFC cards on the mobile phone or any other support on which this technology is deployed, that it may be used by anybody, regardless of their capabilities, the environments, and functionalities provided by these services to the citizen. Therefore, client applications such as supporting websites, etc must be accessible and consider accessibility mechanisms and standards. Payment Gateway. The interfaces previously mentioned for transport ticket payment management must be designed following accessibility guidelines, so any user will be able to interact with them without any discrimination because of their personal circumstances and physical or sensory abilities. All users must be able to perform complete management of any type of transaction related to transport ticket use. From their selection, acquisition and payment, providing the end-user with the media and/or accessibility facilities that are necessary for paying for the ticket bought regardless of the medium enabled for doing so (mobile phone applications, web environments, PINPAD etc.) Likewise, equipment providing solutions for maintenance and use of these tickets must consider the specific solutions for the user s full performance with them. This should include accessibility in the equipment managing the tickets acquired for use (turnstiles, vending machines and validators, etc.) as well as any application that allows ticket management and interoperability with the equipment and/or applications regardless of the medium used for delivering said ticket to the end-user. Whether the transport ticket is on a physical or logical support, with NFC technology or any other, the user must be able to clearly identify it, applying reliefs and contrasts that identify it in the case of solutions on physical support (electronic cards, etc.) and complying with the accessibility criteria in the logical medium that will help to identify the utilities that manage it (applications, digital certificates, etc.) Considering these measures will ensure that all the citizens may use this technology and its facilities regardless of their abilities. User interface application test. In these user tests the state of accessibility and usability has to be considered from the perspective and/or different cases of the user whichever the environment for which aforementioned applications or functionalities were developed. To obtain an optimum result in the implementation of these facilities, from the beginning one must have the end-users for defining the usability functional specifications. 73

74 74 White paper on the application on NFC technology in the public transport 74

White paper on the application on NFC technology in the public transport 75 10.

75 White paper on the application on NFC technology in the public transport CONCLUSIONS In the public transport world, as regards ITS systems and specifically access or payment systems, a unique moment is taking place, which, during recent years, has offered us changing work scenarios due to the emergence of new technologies and business models so far alien to this singular ticketing field. These new technologies are so varied and concurrent that, just as attractive progress can be achieved in the form of new channels and services, resounding technical and economic failures may be brought about simply as a result of a string of hasty and misguided decisions regarding the applicable models (and this is very easy due to the huge amount of new terms, systems and requirements that are difficult to know and master at the same time). We hope this Paper will serve as a prime example of when all the stakeholders taking part in technology projects of this nature agree and are coordinated, the result will be great projects that benefit all parties, being an immense satisfaction for everybody taking part. And this is the great merit of ITS Spain, thanks to which such diverse sectors as transport, communications operators, banking, mobile phone and card manufacturers, consultants and members, which were orienting the application of the new NFC technology from different points of view, have agreed on models and objectives, and also have been able to reflect in this unique and groundbreaking work in Europe, which will serve as guidelines for all the ideas and stakeholders participating in the implementation of the new technology currently being incorporated into the new mobile phones known as Smartphones. I am sure its reading will save a lot of people time and money, especially at the decisive time when new NFC projects start to be defined. In view of the above, it should be pointed out that the content of this White Paper corresponds to the current moment and is subject to the ongoing evolution of technologies and their use. But, in any case, we recommend its use as an indispensable tool for all NFC technology-based transport projects that may be implemented in Spain, or simply as a knowledge base on this fascinating world. Many thanks to everybody for their work and effort in adapting and understanding all the business models involved. Gregorio Haro Javaloyes Generalitat Valenciana Infrastructures Company 75

76 76 White paper on the application on NFC technology in the public transport 76

77 White paper on the application on NFC technology in the public transport ACKNOWLEDGEMENTS Here we include the persons who, in one way or another, have taken part in the final result of this White Paper: Gregorio Haro Javaloyes (Agencia Valenciana de Movilidad. Generalitat Valenciana), Carme Fàbregas Casas (ATM Barcelona), Fidel Angulo Santalla (ATUC), Paula San Luis Castellano (BANKIA. Innovación), Alberto Pérez Lafuente (BANKINTER), Javier Díaz (BBVA), José Cadenas (CALMELL), Carles Martí (CALMELL), Louis-Alban Batard-Dupré (CONNECTHINGS), José Manuel Mayo (Consorcios de Transporte de Andalucía), Luis Criado (Consorcio Regional Transportes de Madrid), Ioannis Douratsos (Consorcio Regional Transportes de Madrid), Dionisio González (Consorcio Regional Transportes de Madrid), Antonio Rubio Fernández (Consorcio Regional Transportes de Madrid), Gerardo Lertxundi (DBUS), Enrique Diego Bernardo (EMT de Madrid), Mario González (EMT de Madrid), Jesús Perucha Ramos (EMT de Madrid), Andrés Recio Martin (EMT de Madrid), Antonio Utrera (EMT de Málaga), Miguel Ángel Sáez (EPT Región de Murcia), Francisca Merchán Higuera (ERICSSON), Rafael Fando Mestre (FERROVIAL), Miguel Ángel Jurado Pontes (FERROVIAL), Miguel Cardo (FIDESMO), David Cristóbal (GEMALTO), José Javier Jiménez Vitón (GEMALTO), Begoña Martínez (GEMALTO), Bertrand Saby (GEMALTO), Eva Gersol (GyD IBERICA), David González (GyD IBERICA), Javier Burguillo de Santos (GMV), María Ángeles García Sanz (GMV), Javier Paniagua Sanz (GMV), Antonio Benito (INDRA), Antonio Candel Bello (INDRA), Ignacio Felipe (INDRA), Verónica Hernández (INDRA), Fidel Alario (ITS Spain), Jaime Huerta Gómez de Merodio (ITS Spain), Julián Delgado Díaz (METRO de Madrid), Manel Villalante i Llauradó (MINISTERIO DE FOMENTO), Ángel Cabo Astudillo (MINISTERIO FOMENTO), Pedro Martínez (NXP Semiconductors), Carlos Paternain (NXP Semiconductors), Belén Arranz Pintado (OBERTHUR), Julio Morales (OBERTHUR), Eric Vernhes (OBERTHUR), Eugenio Pérez Pecharromán (ONCE), María Jesús Varela Méndez (ONCE), Alberto Antón (ORANGE), Óscar Argelés Solano (ORANGE), Paloma Real Funes (ORANGE), Martín Gruver (PALMA TOOLS), Enrique Palma (PALMA TOOLS), Javier Esquinas Ferreo (RENFE), José Ramón Fernández Bazaga (RENFE), Ángel Domínguez (SKIDATA), Brenda Teutli (SKIDATA), Alberto López González (TELEFÓNICA), Antonio Carmona (TELVENT), Pedro Alonso Capitán (TRANSERMOBILE), José Ignacio Bas (TRANSERMOBILE), Patricia Manso Virtus (VODAFONE), Sergio Marcos (VODAFONE). 77

78 78 White paper on the application on NFC technology in the public transport 78

79 White paper on the application on NFC technology in the public transport GLOSSARY AFSCM AFSCM (French Association of Contactless Mobiles) is a non-profit organization that facilitates the technical development and promotion of contactless mobile phone services. Applet Software component written in a programming language that runs within the scope of another programme that contains it, for example, a web browser. The applet must run in a container provided by a host programme, through a plugin or in applications such as mobile phones that support the applet programming model. Bluetooth Card Contact Chip Dual Cards Unlike a programme, an applet does not run independently, as it usually performs a specific function that grows from an independent one. Bluetooth wireless technology is a short-range radio wave technology (2.4 GHz frequency), whose objective is to simplify communications between fixed and mobile IT devices, and among these devices and Internet, offering the possibility of creating small wireless networks, and facilitating data synchronization between personal devices. All this eliminating cables and connectors between these devices. It allows communications, including through obstacles, at distances of up to 10 metres. Logical support that may contain one or several tickets. These are electronic microcircuits that store information and control the way in which it may be accessed, offering different configurations (memory cards, smart cards or cabled logic cards) and storage capacities, and even having the capacity to perform cryptographic operations. They are embedded in the cards and are connected to the contact plate, to interact with the "outside world", which integrates different duly standardized visible metal contacts (part 2 of ISO/IEC 7816). This chip must be inserted into a reader slot in order to operate with it. Through these contacts, the reader electrically powers the card and transmits the corresponding data for operation. Card containing a chip with an interface with contact and a contactless interface. For example, contactless EMV bank cards. 79

80 80 White paper on the application on NFC technology in the public transport Emulated Mode EMV Encryption Execution Environment Smart card emulation mode, where the NFC device acts as an NFC tag or smart card, appearing to an external reader as if it were a contactless card. EMV is a global standard for inter-operation of smart cards for authenticating payments made by credit and debit cards. EMV stands for "Europay, MasterCard, VISA", the three companies that initially collaborated in the standard definition and development. The EMV standard defines the interaction between the smart cards and the card processing devices at physical, electrical, data and application level, for financial transactions. The purpose and goal of the EMV standard is to allow secure interoperability between EMV-compliant financial cards and EMV-compliant credit card payment terminals throughout the world. Financial transactions through EMV offer greater protection against fraud than traditional payments by magnetic stripe cards, and the possibility of more detailed control over the approval of transactions offline. A security function in the chip that prevents it from being cloned. It is a very advanced function that requires specialized knowledge and which is not usually necessary in NFC standard applications. A software routine in which programmes compiled for implementation may run. Firmware Firmware is a set of machine instructions for specific purposes, recorded in a memory, usually read/write, which establishes the lowest logical level that controls the electronic circuits of a device of any kind. It is strongly integrated with the device electronics, being the software that has direct interaction with the hardware: it is responsible for controlling it for correctly executing external instructions. In short, firmware is the software that manages the hardware. GlobalPlatform GlobalPlatform is an independent, non-profit organisation, consisting of an infrastructure that is standardized for the development, deployment and management of smart cards. Hardware (Hw) GlobalPlatform works to identify, develop, and publish the specifications that facilitate secure and interoperable deployment and management of multiple integrations of chip technology. Hardware refers to all the physical parts of a computer system; its components are: electrical, electronic, electro-mechanical and mechanical. 80

81 White paper on the application on NFC technology in the public transport 81 Hybrid Card Interface ISD ISO A & B Java Card LBS (Location Based Services) Midlet Mifare4Mobile Mifare Mifare Classic Mifare Desfire MIFARE Implementation Card containing two chips on the same support not connected to each other. For example a contactless Mifare with its antenna and a contact chip. In computer science, this refers to the physical and functional connection between two systems or devices of any kind giving communication between different levels, the port through which signals are sent or received from one system or subsystems to others. The device is capable of transforming the signals emitted by a device into signals understandable by the other. Issuer Security Domain of the Card in a Secure Element. Standard regulating communications between NFC devices. Java Card is a technology that allows the secure execution of small Java applications (applets) in smart cards and similar embedded devices. Location Based Services seek to provide a personalised service to users based on the information of their geographical location. They use positioning technology and network communication technology to transmit information to an LBS application that can process and respond to the request. Typical LBS applications seek to provide real-time geographical services. Application on the mobile phone that provides access to the card or application on the secure element (SE). Normally called transport application in the transport sector. Specifications defined for the correct management of one or several Mifare cards in a secure element (SE). NXP-owned trademark of a series of contactless chips widely used in transport cards all over the world. This is the most widely-used chip at present, although the new Mifare systems are implemented with the Mifare Desfire card. Mifare chip designed in 2004 that has more advanced characteristics than the Mifare Classic card. MIFARE is a contactless smart card technology, one of the most-widely installed in the world, with approximately 250million contactless smart cards and 1.5 million reader modules sold. It is equivalent to the first 3 parts of standard ISO Type A MHz with high level protocol. The typical read distance is 10 cm. the read distance depends on the power of the reader module, 81

82 82 White paper on the application on NFC technology in the public transport with shorter or longer ranges. It is owned by NXP Semiconductors (formerly part of Philips Semiconductors). Mifare Ultralight MNO Low-capacity MIFARE chip designed for use in flexible low-cost cards and for disposable tickets with a limited expiry. Mobile Network Operator. Native Mode That is written specifically for that operating system, without the need for instruction emulators or APIs. NDEF Application NFC Data Exchange Format high level logical application in a device compliant with NFC Forum standards, used to exchange information with other NFC Forum devices or NFC Forum tags. NFC Chip Chip that NFC mobile phones must have to allow NFC communication with the exterior and access to the secure elements (SE) inside the mobile phone NFC Data Exchange Format (NDEF) NFC Forum Card Emulation Mode NFC Forum Peer-to- Peer Mode (P2P) NFC Forum Read/ Write Mode It is a standardised format that may be used to exchange information between any NFC-compliant device and another NFC-compliant device or tag. The data format consists of NDEF messages and NDEF Records. The standard is supported by the NFC Forum and available free of charge for consultation. It defines how data is shared between different NFC devices, for example, between an NFC tag and a mobile phone. The mode used when an NFC Forum device is using the optional part of the NFC Forum Protocol Stack that responds to the Master/Slave Communication from a read/write terminal. When in the NFC Forum Card Emulation Mode, the NFC Forum device (emulating an NFC Forum Tag or contactless card) cannot initiate communication by itself. Communication for this mode is abbreviated as CE. The mode used when an NFC Forum device is using part of the NFC Forum Protocol Stack that enables Peer-to- Peer Communication with another NFC Forum device using the same mode. Both NFC Forum devices have the capacity to be initiator or objective. This mode uses the NFC-DEP Protocol. Communication for this mode is abbreviated as P2P. The mode used when an NFC Forum device is using the part of the NFC Forum Protocol Stack that allows Master / Slave Communication with NFC Forum tags or contactless cards. The NFC Forum device initiates the Master / Slave communication and sends commands to an NFC Forum tag or contactless card. Communication for this mode is abbreviated as RW. 82

83 White paper on the application on NFC technology in the public transport 83 NFC Forum Tag NFC ISO A component that is expected to behave in the same way as a contactless tag, compatible with at least one of the tag operation specifications supported by the NFC Forum Protocol Stack, which implements the necessary protocols and supports the data format required so that an NFC Forum device may communicate and exchange data with the component. Set of standards that specify different RFID radio frequency technologies. One of them is standard ISO18092 which defines active and passive communication modes for the interface between peripheral devices which have inductive coupling and operate at the centre frequency of MHz. NFC Mobile Phone NFC Reader NFC Tag Non-volatile/ Permanent Memory Offline Data Mobile phones with NFC technology, a wireless short range communication system that allows us to connect two devices so that they can communicate easily and effectively. The reader adapted to NFC technology that enables to read/write NFC mobile phones and cards. NFC Tags are small tags/badges/bracelets that include a small passive mode NFC chip. No battery is required and anything can be recorded on them: a web page, contact information, a telephone number, a programme, a series of orders These NFC Tags have two possible modes: write-read or only read. Therefore we can change their content to our liking or predefine a content that cannot be changed. Type of memory that can retain the stored information even when there is no power. Data that can be consulted without the need for connection to a remote data base. Offline Transactions OTA Transactions that can be performed without connection to a remote management centre. Instead, the data must be transmitted to a Central system that processes them for internal management and to ensure no loss of information. Over the Air is a communications technology that allows the operator to transmit data wirelessly to remote sites and terminals, without the need for the user s intervention. Payment Gateway E-commerce application services provider that authorises payments to e-businesses. It is equivalent to a physical POS (Point of Sale) terminal installed in an establishment. Payment gateways encrypt sensitive data such as credit card numbers to ensure the data is 83

84 84 White paper on the application on NFC technology in the public transport Physical Memory SaaS Script SE SE CRS Security Architecture Security Domain transmitted securely between customer and seller. This refers to RAM memory chips in motherboards. Software as a Service is a software distribution model where the logical support and the data it processes are stored on servers of an Information and Communications Technology (ICT) company, accessed through a web browser from a client via the Internet. A group of programming languages that are typically interpreted and can be run directly after writing each line on the keyboard. Scripts are a set of instructions, usually stored in a text file that should be interpreted line by line in real time for their execution. They are distinguished from compiled programmes as the latter must be converted to an executable binary file to run them. Scripts can be embedded in another language to increase functionality, such as PHP or Javascript scripts in HTML code. A Secure Element is a runtime environment with a high level of protection, both physical and logical. It is implemented as a microchip and a cryptographic coprocessor to process the transactions securely. Contactless application manager inside the security element. It regulates, for example, when an application is activated that there will be no conflicts with other applications previously activated. Security Architecture is the practice of applying a rigorous and comprehensive method for describing a current and/or future structure and the behaviour of the security processes of an organisation, information security systems and personnel and organizational subunits, so that they can align with the common goals of the Organisation and strategic management. A collection of data and means of secure access under a common security policy. The domain is under the responsibility of a supervisor, a person who defines and applies the security policy to protect the content within the security domain. In transport, it would be the security domain of the transport company or of the TSM in which it has placed its trust. SEI Service Provider SP Secure Element Issuer. Organization or company that issues the Secure Element. In public transport it refers to transport service providers, such as operators and transport companies. 84

85 White paper on the application on NFC technology in the public transport 85 SIM / UICC Software (Sw) TAG Telephony Operator Ticket Ticket Top-up Transport Application Transport Authority Transport Company Transport Operator Transport Tickets TSM A Subscriber Identity Module card is a smart card used in HSDPA or HSUPA modems and mobile phones. SIM cards securely store the subscriber service key used to identify itself to the network, so that it will be possible to change the line from one terminal to another simply by changing the card. The use of the SIM card is compulsory in GSM networks. Its equivalent in UMTS networks is called a USIM. SIM cards are available in four sizes: Nano-SIM, SIM, Mini- SIM and Micro-SIM. Software is a computer system s logical equipment or logical support, which comprises all the logical components that make it possible to perform specific tasks, as opposed to the physical components that are called hardware. Tag with electronic and logical RFID circuitry, with memory capacities according to the integrated circuit built in. They are usually integrated in a self-adhesive flexible support. Telephone company that provides telecommunications services (voice, data, ) for clients. Contract/ ticket/ transport ticket. Transaction consisting of charging /topping up, renewing or adding value to a ticket in a card. The different tickets we can access inside our card. We can store one or more applications in our card. Consortium in charge of coordinating and planning the public transport in a given geographical area. Transport operator or authority responsible for the card. Individuals or legal entities that provide passenger and goods transport services. A transport ticket is a means of payment for the public transport service such as buses, trams and some railways. To prove that payment has been made, the law requires local public transport companies to give the passenger a receipt or ticket. The price of each ticket varies according to the type of transport and the length of the journey. The Trusted Service Manager acts as a neutral agent that initiates the commercial agreements between the mobile phone network operators and other companies that control the mobile phone security element. The manager allows services providers to distribute and manage their remote applications, allowing access to the secure element. 85

86 86 White paper on the application on NFC technology in the public transport Virtual Card Volatile/non- Permanent Memory An instrument created to make payments over the Internet or mobile phone, avoiding the presentation of a physical card. The virtual card offers a higher level of security than traditional cards in purchases made over the Internet or by mobile phone, being valid for just one transaction. Before making the purchase, the customer, through their financial institution s website, must apply for a «virtual card» for the purchase in question: transaction amount, expiry date and concept. The memory that loses its data when the power supply is interrupted. 86

87 White paper on the application on NFC technology in the public transport FAQs What is NFC? Near Field Communication (NFC) is a short range wireless connectivity technology model designed for intuitive, simple and secure communication between electronic devices. NFC communication is possible through holding two devices enabled with this technology at a few centimetres distance. NFC technology applications include those of current contactless cards, such as payment and transport. Other NFC applications are the quick and easy transfer of data including electronic business cards, and access to digital content online through the reading of NFC tags. What uses can NFC technology have? The benefits of NFC technology are so attractive that many service providers are using this technology to improve the customer experience. NFC-enabled services are quick and easy to use without compromising the security of the existing service. NFC makes it easier to share data between devices, get information, use public transport or pay for goods and services, all by just holding the compatible NFC devices near each other, in general, at a range of less than four cm. There are a wide range of devices and machines that can be activated with NFC technology: Mobile phones Access control turnstiles Consumer electronics equipment Vending machines Parking meters Cash registers or "point of sale" equipment ATMs Office, house, and garage doors Personal computers Posters, street signs, bus stops, points of interest (only with readable NFC tags). Product packaging NFC technology allows us to interact with all surrounding information. Mobile phone devices with this technology can "read" information stored in "NFC tags". These tags can be placed on objects of everyday use, such as posters, signs, bus stops, traffic signs, medicine labels, certificates, food packaging and a lot more. 87

88 88 White paper on the application on NFC technology in the public transport We can also use NFC tags in special documents like parking permits, credit and debit cards to prove authenticity. An NFC hologram is copy proof and can be invalidated in the event of theft. In short, what does NFC contribute to public transport? With the application of this technology, the mobile phone can interact with the contactless card ecosystem currently used in public transport, identification and access systems, credit cards, etc. How does NFC technology facilitate mobile phone payment and issuance of tickets? NFC makes it possible for tickets and contactless cards to be contained in devices of everyday use such as mobile phones. Instead of carrying several physical cards, the user can choose to carry some or all of their cards in a personal device like an NFC-enabled mobile phone. NFC technology used with contactless payment technology can speed up queues at cash desks in shops or unattended machines such as parking meters. Contactless ticketing has revolutionised transport and ticket sales for events thanks to its speed and flexibility. With NFC-enabled devices such as mobile phones, one can buy tickets, receive them on the mobile phone, and sail through turnstiles while other have to wait. Thanks to the connectivity of the telephone terminal, users can remotely check their balance or update tickets. Download information quickly (such as bus timetables) holding your NFC phone near a poster with readable NFC information. NFC technology is helping to increase the acceptance and use of contactless services, because it is based on an international standard designed to work for any service, anywhere, and all over the world. What is the NFC Forum? The NFC Forum is a non-profit organization whose mission is to promote the use of NFC technology developing specifications, ensuring interoperability among devices and services, and educating the market on this technology. Around 140 companies, many of them leaders in their markets, have come together to achieve this goal. See for more information. When will NFC be a reality? When will its use be generalized? In 2012, 150 million NFC-enabled mobile were sold. According to analysts, there will be 500 million NFC devices in 2015, which represents 50% of the annual market. 3 out of every 4 NFC mobile phones have embedded SE. In Japan, FeliCa, which is a similar passive mode contactless technology, has already been implemented with payment as a primary application. 88

89 White paper on the application on NFC technology in the public transport 89 How does NFC technology work? NFC is based on inductive coupling, in the same way as the primary and secondary windings of a transformer transfer power, where inductive circuits weakly coupled share power and data at a few centimetres distance. There are two modes of setting up communication: active mode and passive mode. In passive mode, the initiator device generates the electromagnetic field and the target device gets enough power to operate the electromagnetic field generated by the initiator. In the active mode, both the target and the initiator device communicate, generating their own electromagnetic field. In this mode, both devices require a power source to operate. How is NFC technology based on existing technologies? NFC technology is based on pre-existing contactless payment and ticketing models, which are used every day by millions of people worldwide. These models determine not only the "contactless" operating environment such as the physical requirements of the antennas, but also the format of the data being transferred and the data rates for this transfer. What standardization organizations recognize NFC technology? NFC standards are recognized by the ISO / IEC (International Organization for Standardization / International Electrotechnical Commission), ETSI (European Telecommunications Standards Institute) and ECMA (European Association for Standardizing Information and Communication Systems). What ISO / IEC standards are compatible with NFC Forum specifications? The devices compatible with the NFC Forum Read/Write mode must be compatible with Radiofrequency (RF) Requirements of standards ISO / IEC 14443A, ISO / IEC 14443B and FeliCa as indicated in the relevant parts of standard ISO What are the data transmission speeds? NFC data transmission is measured in kilobytes per second (kbps). The NFC standard is compatible with different types of data, once again, to ensure interoperability between existing infrastructures. Current data transmission speeds are 106kbps, 212kbps, and 424kbps. What s the difference between an NFC device and an NFC tag? An NFC device can function in the Read/Write mode, in the peer-to-peer mode, and in card emulation mode. An NFC tag is typically a passive device (for example, integrated in a smart poster) which stores data that can be read with an NFC device. What s the difference between a card and a tag? Contactless cards, currently used for the sale of tickets and payment include additional technology to that of the tags to store secure data. 89

90 90 White paper on the application on NFC technology in the public transport What can be recorded on an NFC tag? The memory varies according to the NFC tag. In general, a short URL, a phone number to trigger a call or send an SMS or can be recorded. With an NFC-enabled application, one can connect the device to a pre-configured wireless network or perform an action on the application. I already have an App, why would I need contactless tags? To complement an App. In the new context of urban mobility, people carry and use their mobile phone all the time. New needs arise such as instant access to information. The App needs to be downloaded, opened and browsed before accessing the relevant information. NFC satisfies the need to access important information simply and instantly. Furthermore, from a site accessible from an NFC tag, one can place the application for download on a second level. It is visible: The transport operator has to promote its implementation. For Android, it needs to gain visibility among more than applications available in Spain, and 600 new ones being added every day... Contactless tags allow visibility to be given to a mobile phone service from bus shelters when and where quick information on the journey is needed most. They are entry points to the transport world and the whole city: Users can access both transport information (timetables, incidents, Apps, fares, etc.) and city information (culture, tourism, events, restaurants, etc.) Its use in universal: A contactless tag (NFC and QR code) allows compatibility with 100% of Smartphones. On the contrary, mobile phone applications only satisfy the needs of some passengers, since it is a highly fragmented solution. In most cases it is a single, iphone and sometimes Android, operating system (OS). The cost of extending it to other platforms (BlackBerry, Windows iphone, Bada, Firefox, etc.) is sometimes prohibitively high for an operator. Once the application has been developed, constant financing of updates is required to avoid malfunction or incompatibility (e.g. iphone version 3, 3G, 3GS, 4, 4s, 5, and soon, 6). How is NFC related to other wireless communication technologies? NFC is a technology based on short range (a few centimetres) wireless connectivity standards, which make bi-directional interactions between electronic devices easier and more secure, enabling consumers to perform contactless transactions, access to digital content, and connect with one-touch electronic devices. Bluetooth wireless technology was designed to replace cables for mobile phones, laptops and other computer and communication devices within a 10-metre range. Wi-Fi technology was designed and optimized for Local Area Networks (LAN). This provides an extension or replacement of cable networks for dozens of computer devices within a 100-metre range. ZigBee wireless technology is a standard that allows control and monitoring of industrial and residential uses within a 100-metre range. IrDA is a short range (<1 metre) line of sight communication model for the interchange of data by infrared light. IrDA interfaces are frequently used in computers and mobile phones. RFID (Radio Frequency Identification) is an automatic identification method that is based on the storage and retrieval of remote data that uses devices called RFID tags. 90

91 White paper on the application on NFC technology in the public transport 91 An RFID tag is a small object that can be attached to or incorporated in a product. RFID tags contain silicon chips so they can receive and respond to queries from an RFID reader/writer. Smart contactless cards incorporate a chip (microprocessor) that communicates with a card reader through RFID technology. Examples of contactless smart card communications are Standards ISO / IEC and FeliCa, which allow communication over distances of up to 10 cm. What are the operating modes of NFC devices? NFC devices are the only ones that can change their operating mode to read/write, peer-to-peer or card emulation mode. The different operating modes are based on contactless smart card standards ISO / IEC NFC IP-1 and ISO / IEC In read/write mode, the NFC device can read NFC Forum-specified tag types, such as reading a tag on an NFC Smart Poster. The read/write mode of the RF interface is compatible with Standard ISO and FeliCa systems. In the peer-to-peer (P2P) mode, two NFC devices can exchange data. For example, you can share parameters set up with Bluetooth or Wi-Fi connection or exchange data such as virtual business cards or digital photos. P2P is the mode standardised in ISO / IEC and the only one particular to NFC that was not present in the contactless mode. In card emulation mode, the NFC device is, for an external reader, very similar to a traditional contactless smart card reader. This enables contactless payments and ticket sales through NFC devices without modifying the existing infrastructure. Will my readers (validation device / inspection device) have to be NFC Forumcertified? What certification will they need? Why do they need to be certified? For readers to have optimum interoperability with devices used by the public, the NFC Forum strongly recommends that readers comply with NFC Forum specifications. Reader certification will ensure that devices meet all requirements of the NFC Forum specifications and increase the probability of full interoperability. To use the N-Mark, readers will have to go through the NFC Forum Certification Programme, which will ensure that readers can perform both read/write and peer-to-peer functions. What is a Secure Element? What types of Secure Elements are there, and why are they necessary for NFC? The secure element is a runtime environment with a high level of protection, both physical and logical. It is implemented as a microchip and a cryptographic coprocessor to process transactions securely. We can find three types of secure elements on the NFC mobile phone: UICC (Universal Integrated Circuit Card), commonly known as SIM card. Embedded Secure Element (ese). An additional chip in the hardware that implements the secure element functions and is connected to the NFC terminal circuitry. Micro SD memory card, including a SE chip and NFC circuitry (antenna and controller). It is a less attractive option than the previous ones due to its higher price. Its biggest advantage is its speed to execute projects, since it is not necessary to coordinate with mobile phone operators or phone manufacturers. 91

92 92 White paper on the application on NFC technology in the public transport NFC Forum specifications do not dictate what security elements applications have to use. Each operator is free to choose how to implement NFC technology in a phone, how to potentially install NFC communication in devices that do not have SD card slots or UICC slots, or that have incorporated security elements, must find what devices are available in their respective geographical areas and focus on them. In addition, a phone can have multiple security features. In this case, the consumer will decide which application he/she is going to use for the next journey and select one to enable it. On the other hand, the NFC Forum is currently working on a specification that will provide standardized interfaces between all the security configuration elements. ETSI has developed a specification to access the secure element in the UICC, the GSMA providing additional support in the form of White Papers. This material can be found on the websites of the two organisations. Can I use the phone as a smart card if the phone is off? And what functionalities are enabled? NFC Forum specifications do not dictate the phone s use. NFC can be used in card emulation mode when the phone is switched off. Also, if the phone cannot be switched on due to low battery, it is possible to use the card emulation mode with the residual charge in the battery. If the battery is removed from the phone, it is unlikely that any NFC functionality can be used. It is recommended that you check with mobile device manufacturers on the actual functions provided, as this may change from model to model. Can I use the NFC functionality in the middle of a phone conversation? And what functionality is enabled? In the phones that have been used in trials and commercial rollouts for ticketing, the NFC has been implemented in such a way that passengers do not have to interrupt ongoing calls to check in or out of the public transport system. However, because each ticketing solution will have its own specific application, it cannot be guaranteed that this will always be the case. To ensure a common user experience, public transport agencies and service providers need to raise awareness on the need for this requirement in the appropriate regulatory bodies. This means not only to request such functionality from pone manufacturers and mobile network operators, but also to standardize the application layer for public transport. Some of these FAQs have been extracted from the document of the NFC forum "NFC in Public Transport", (January, 2011). 92

93 This White Paper was possible thanks to the collaboration of:

NEAR FIELD COMMUNICATION - THE FUTURE TECHNOLOGY FOR AN INTERACTIVE WORLD

NEAR FIELD COMMUNICATION - THE FUTURE TECHNOLOGY FOR AN INTERACTIVE WORLD Int. J. Engg. Res. & Sci. & Tech. 2013 Jignesh Patel and Badal Kothari, 2013 Research Paper ISSN 2319-5991 www.ijerst.com Vol. 2, No. 2, May 2013 2013 IJERST. All Rights Reserved NEAR FIELD COMMUNICATION