An NFC Ticketing System with a new approach of an

Inverse Reader Mode

Dresden, 22/11/2013 Felipe de Sousa Silva

Outline

• NFC Overview

• NFC Public Ticket System.

• Intention of the Inverse Reader Mode

• The Inverse Mode Design

• Validation Process

• Conclusion

TU Dresden, 22/11/2013

NFC Overview

• What is NFC ?• NFC ( near field communication ) is a short-range wireless

technology that enable two devices to securely exchange small amounts of data when they are placed a few centimeters apart.

• Applications of NFC• Files transference• Collect multimedia information• E-payment• Public transportation ticketing

TU Dresden, 22/11/2013

Why should I use NFC ?

• NFC vs Paper tickets• Tickets stored in phones are less likely to be lost than paper

tickets.

• Studies have repeatedly shown that people are less likely to

leave home without their phones than anything else.

• Obtaining a ticket is much more convenient, because it can be

sent electronically to the NFC-enabled phone.

TU Dresden, 22/11/2013

Why should I use NFC ?

• NFC vs Contactless Card• An NFC-enabled phone can hold more than one ticket from

more than one transport operator.

• Using their NFC-enabled phones, consumers can manage their

cards and tickets anywhere at any time.

• Smart cards stored in an NFC-enabled phone are less

susceptible to “collision.”

TU Dresden, 22/11/2013

Why should I use NFC ?

• NFC vs Barcode• NFC ticketing is also faster. There is no need to open an

application to find the 2D barcode; the phone experience is a

simple tap-and-go.

• NFC-enabled phones are two-way devices, enabling the traveler

to both send and receive information, while 2D barcodes are

read-only.

• QR codes are not always easy to read

TU Dresden, 22/11/2013

NFC Modes

• Operation Modes• Reader / Write • Card emulation• Peer-to-peer

TU Dresden, 22/11/2013

NFC Modes

• Operation Modes• Reader / Write • Card emulation• Peer-to-peer

TU Dresden, 22/11/2013

NFC Modes

• Operation Modes• Reader / Write • Card emulation• Peer-to-peer

TU Dresden, 22/11/2013

NFC Design

TU Dresden, 22/11/2013

• The NFC chip has direct access to UICC and SAM chip.

• The Secure chip and UICC are used to store sensitive data like keys and personal information.

• Unfortunately the usage of the SE is restricted by the owner.• Manufacturer• MMO• TSM

NFC Ticketing System

TU Dresden, 22/11/2013

Intention of the Inverse Reader Mode

• Current ticketing systems use NFC enabled mobile phones in card emulation or peer-to-peer mode.

• Problems with card emulation mode: • Owner of the secure element vs. third party service provider restricted or

no access to the secure element of the mobile phone.

• Problems with peer-to-peer mode:• Compatibility problems with different implementations (e.g. Symbian vs.

Android)• No access to the lower layers (APDU) on some operating systems (e.g.

Windows Phone)

• Problems with software emulated tags:• Only few implementations (e.g. RIM’s Blackberry OS since version 7,

Cyanogenmod

TU Dresden, 22/11/2013

Intention of the Inverse Reader Mode

• New approach: Inverse Reader Mode

• No secure element is needed on the mobile phone

• The mobile phone uses only the reader/writer mode, which works on all NFC enabled phones

• Light-weight and well-established protocol stack (ISO/IEC 14443-4 and 7816-4)

• Card emulation support is needed on the reader side

TU Dresden, 22/11/2013

The Inverse Mode Design

TU Dresden, 22/11/2013

APDU Exchange Data

TU Dresden, 22/11/2013

• For exchanging data from the smartphone to the validation terminal APDU messages are used.

• APDU Commands• SELECT DF• READ BINARY• WRITE BINARY

File System

TU Dresden, 22/11/2013

• StationID• Stores the identification of the

ticket station.

• TicketID• Used to store the ticket information

into the ticket station.

• TicketDate• Similar to the TicketID File. Used to

store the ticket date.

• ValidInfo• The Server check the information

and write into this file the result.

Validation Process

TU Dresden, 22/11/2013

• NFC phone requests the station ID.

• The phone selects the correct ticket, send to the system and wait for a confirmation.

• The phone send the ticket date and wait for another confirmation.

• At the end the phone send a message requesting the content of the validInfo file.

Validation Process

TU Dresden, 22/11/2013

• If the validation process was accomplished successfully, all file identifiers will be set to their default values.

Conclusion

TU Dresden, 22/11/2013

• Alternative to the card emulation mode

• Avoiding the access restrictions of the secure element

• Until now security was not considered in detail

References

TU Dresden, 22/11/2013

• http://www.smartcardalliance.org/pages/publications-nfc-frequently-asked-questions

• http://www.nexperts.com/nexpertise/technology/how-does-it-work/• http://www.nfc.cc/wp-content/uploads/2011/03/architecture.jpg• http://supportforums.blackberry.com/t5/Native-Development/Peer-to-peer-

NFC-How-to-send-multiple-messages/td-p/2645143• http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6482448• http://nfc-workshop.org/2013/documentation/Presentation_FH-

OOe_InverseReaderMode.pdf

TU Dresden, 22/11/2013

Thank You !